
PC has become slow and mouse pointer stalls and freezes... pointer has



#1
jimxx7


PC has become slow and mouse pointer stalls and freezes... pointer has changed in appearance after 'upgrading' Adobe Reader. I am thinking of upgrading to WIN 10 but it was suggested that I clean up first.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-03-2017
Ran by Jim (administrator) on OWNER-PC (05-03-2017 12:16:28)
Running from C:\Users\Jim\Desktop
Loaded Profiles: UpdatusUser & Jim (Available Profiles: Owner & UpdatusUser & Jim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(WinZip) C:\Program Files\WinZip\WZUpdateNotifier.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-04] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2008-10-17] (CyberLink Corporation.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-04-30] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-04-29] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-05-25] (CyberLink Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2387968 2009-01-27] (Hewlett-Packard Company)
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\RunOnce: [Application Restart #1] => C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- hxxp://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3dv%3d1%26n%3d (the data entry has 650 more characters).
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\MountPoints2: {ea9ab89e-12a9-11e3-a6bd-6c626d1c8a0d} - L:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digimax Viewer 2.0.lnk [2013-03-31]
ShortcutTarget: Digimax Viewer 2.0.lnk -> C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-23]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-23]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49
Tcpip\..\Interfaces\{76815806-ADC5-4682-A3BF-DA909BCDA368}: [DhcpNameServer] 127.0.0.1
Tcpip\..\Interfaces\{BE7DBD9A-8CF5-45EE-BB99-67C2A1D540BB}: [DhcpNameServer] 61.9.195.193 61.9.194.49
 
Internet Explorer:
==================
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=8C5BCB5D-5324-48D8-9F63-47771BF8B5D8&apn_sauid=A39BE3C8-04E8-4499-B053-C91BE84780A0
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: ReboundAlert -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\Program Files (x86)\ReboundAlert\IE\common.dll [2013-02-22] (WebAppTech Coding, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
 
FireFox:
========
FF HKU\S-1-5-21-3716940813-2614047019-3014684930-1003\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\ReboundAlert\Firefox
FF Extension: (ReboundAlert) - C:\Program Files (x86)\ReboundAlert\Firefox [2013-03-11] [not signed]
FF HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\ReboundAlert\Firefox
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://isearch.avg.com?cid={420897B4-3090-4DA6-99C7-C4E35DF91734}&mid=cc1113bef9de47d091f4bd2b2bf863fe-10f8a1089b69b7ac31401cb1135c3307a3e569fa&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.9.799&pid=avg&sg=&sap=hp"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Jim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default [2017-03-05]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Users\Jim\AppData\Local\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Users\Jim\AppData\Local\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-06] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-01-27] (Hewlett-Packard Company) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-17] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1345536 2010-01-19] (NXP Semiconductors Germany GmbH)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-02-17] (Microsoft Corporation) [File not signed]
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-10-14] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-10-14] (CyberLink Corporation.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-16] (CyberLink Corp.)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-05 11:58 - 2017-03-05 12:16 - 00019662 ____C C:\Users\Jim\Desktop\FRST.txt
2017-03-05 11:58 - 2017-03-05 11:58 - 00034158 ____C C:\Users\Jim\Desktop\Addition.txt
2017-03-05 11:57 - 2017-03-05 12:16 - 00000000 ___DC C:\FRST
2017-03-05 11:56 - 2017-03-05 11:53 - 02423296 ____C (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2017-03-05 07:48 - 2017-03-05 07:48 - 00000000 __RDC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures - Shortcut
2017-03-05 07:35 - 2017-03-05 07:57 - 00000000 ___DC C:\Program Files (x86)\Adobe
2017-03-01 23:26 - 2017-03-01 23:26 - 00000000 ___DC C:\Windows\pss
2017-02-23 21:59 - 2017-02-23 22:17 - 00001941 ___HC C:\Windows\EPMBatch.ept
2017-02-23 21:35 - 2017-02-23 21:35 - 00003508 ____C C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-02-23 21:35 - 2017-02-23 21:35 - 00003396 ____C C:\Windows\System32\Tasks\WinZip Update Notifier
2017-02-23 21:35 - 2017-02-23 21:35 - 00002347 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00002324 ____C C:\ProgramData\Microsoft\Windows\Start Menu\WinZip Background Tools.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00002294 ____C C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00002288 ____C C:\Users\Public\Desktop\WinZip.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\Users\Jim\AppData\Local\WinZip
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\ProgramData\WinZip
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\Program Files\WinZip
2017-02-23 21:33 - 2017-02-23 21:33 - 00000000 ___DC C:\Program Files (x86)\EaseUS
2017-02-23 19:53 - 2017-02-23 19:53 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Acronis
2017-02-23 14:48 - 2017-02-23 21:44 - 00007627 ____C C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
2017-02-22 13:39 - 2017-02-22 13:39 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-11 21:31 - 2017-02-11 21:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-11 21:31 - 2017-02-11 21:31 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-11 13:12 - 2017-02-11 21:32 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-02-11 13:12 - 2017-02-11 21:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-02-11 13:12 - 2017-02-11 21:32 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-02-11 13:12 - 2017-02-11 21:31 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-02-11 13:12 - 2017-02-11 21:31 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2017-02-11 13:12 - 2017-02-11 21:31 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-02-11 13:11 - 2017-02-11 21:29 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-11 13:11 - 2017-02-11 21:28 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-11 13:11 - 2017-02-11 21:25 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-02-11 13:11 - 2017-02-11 21:25 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-11 13:10 - 2017-02-11 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-11 13:10 - 2017-02-11 21:28 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-11 13:10 - 2017-02-11 21:28 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-11 13:10 - 2017-02-11 21:28 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-11 13:10 - 2017-02-11 21:28 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-11 13:10 - 2017-02-11 21:28 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-11 13:10 - 2017-02-11 21:28 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-11 13:10 - 2017-02-11 21:28 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-11 13:10 - 2017-02-11 21:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-11 13:10 - 2017-02-11 21:28 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-11 13:10 - 2017-02-11 21:28 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-02-11 13:10 - 2017-02-11 21:25 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-02-11 13:10 - 2017-02-11 21:25 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-11 13:09 - 2017-02-11 21:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-11 13:09 - 2017-02-11 21:28 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-02-11 13:09 - 2017-02-11 21:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-02-11 13:09 - 2017-02-11 21:25 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-02-11 13:09 - 2017-02-11 21:25 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2017-02-11 13:09 - 2015-12-09 06:07 - 01393152 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2017-02-11 13:09 - 2015-12-09 06:07 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2017-02-11 13:09 - 2015-12-09 05:54 - 00116736 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-02-11 13:09 - 2015-12-09 05:12 - 00230400 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2017-02-11 13:09 - 2015-12-09 05:11 - 00005632 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2017-02-11 11:22 - 2017-02-11 21:25 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-02-11 11:22 - 2017-02-11 21:25 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-02-11 11:22 - 2017-02-11 21:25 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2017-02-10 18:07 - 2017-02-11 01:12 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:05 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2017-02-10 18:07 - 2017-02-11 01:05 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2017-02-10 18:07 - 2017-02-11 01:03 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-02-10 18:07 - 2017-02-11 01:03 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-02-10 18:07 - 2017-02-11 01:02 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-10 18:07 - 2017-02-11 01:02 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-02-10 18:02 - 2017-02-11 01:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-02-10 18:02 - 2017-02-11 01:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-02-10 18:02 - 2017-02-11 01:12 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-10 18:02 - 2017-02-11 01:04 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-10 18:02 - 2017-02-11 01:04 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-02-10 18:02 - 2017-02-11 01:04 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-02-10 18:02 - 2017-02-11 01:03 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-02-10 18:02 - 2017-02-11 01:03 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2017-02-10 18:02 - 2017-02-11 01:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2017-02-10 18:02 - 2017-02-11 01:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-02-10 18:02 - 2016-08-17 07:40 - 00343552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00327168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00099840 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00030720 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00007808 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-02-10 18:02 - 2016-01-21 11:51 - 00073664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-02-10 18:01 - 2017-02-11 01:01 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-02-10 18:01 - 2017-02-11 01:01 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-02-10 18:01 - 2017-02-11 01:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-02-10 18:01 - 2017-02-11 01:01 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-02-10 18:01 - 2017-02-11 01:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-02-09 20:27 - 2017-02-09 20:49 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-02-09 20:27 - 2017-02-09 20:49 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-02-09 20:25 - 2017-02-11 01:01 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-02-09 20:25 - 2017-02-11 01:01 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-02-09 20:25 - 2017-02-11 01:00 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-02-09 20:25 - 2017-02-10 17:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-09 20:25 - 2017-02-10 17:55 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-09 20:25 - 2017-02-09 20:48 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-02-09 18:53 - 2017-02-09 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2017-02-09 18:52 - 2017-02-11 01:13 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-02-09 18:52 - 2017-02-11 01:13 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-02-09 18:52 - 2017-02-11 01:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-02-09 18:52 - 2017-02-11 01:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-02-09 18:52 - 2017-02-11 01:06 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-02-09 18:52 - 2017-02-11 01:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-02-09 18:52 - 2017-02-11 01:06 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-02-09 18:52 - 2017-02-11 01:06 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-02-09 18:52 - 2017-02-11 01:06 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-02-09 18:52 - 2017-02-09 20:48 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-02-09 18:51 - 2017-02-09 20:48 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-02-09 18:51 - 2017-02-09 20:48 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-09 01:18 - 2017-02-11 01:06 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2017-02-09 01:18 - 2017-02-09 20:49 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-02-09 01:18 - 2017-02-09 20:49 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-09 01:18 - 2017-02-09 20:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-02-09 01:17 - 2017-02-11 21:25 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-02-09 01:17 - 2017-02-11 21:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-02-09 01:17 - 2017-02-11 21:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-02-09 01:17 - 2017-02-11 01:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-02-09 01:17 - 2017-02-11 01:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-02-09 01:17 - 2017-02-11 01:05 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2017-02-09 01:17 - 2017-02-11 01:04 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-02-09 01:17 - 2017-02-11 01:04 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-02-09 00:35 - 2017-02-09 00:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-09 00:35 - 2017-02-08 22:38 - 00001060 ____C C:\Users\Public\Desktop\AVG.lnk
2017-02-09 00:34 - 2017-03-05 11:31 - 00003600 ____C C:\Windows\System32\Tasks\AVG EUpdate Task
2017-02-09 00:34 - 2017-02-09 00:36 - 00000000 ___DC C:\ProgramData\Avg
2017-02-09 00:30 - 2017-03-05 07:35 - 00004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-02-08 23:13 - 2017-02-08 23:13 - 00002278 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 23:13 - 2017-02-08 23:13 - 00002266 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 22:40 - 2017-02-08 22:40 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\AVG
2017-02-08 22:40 - 2017-02-08 22:40 - 00000000 ___DC C:\Users\Jim\AppData\Local\GWX
2017-02-08 22:38 - 2017-02-08 23:40 - 00000000 ___DC C:\Users\Jim\AppData\Local\Avg
2017-02-08 22:38 - 2017-02-08 22:38 - 00000000 ___DC C:\Users\Jim\AppData\Local\CEF
2017-02-08 22:36 - 2017-02-08 22:36 - 00000000 ___DC C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-05 11:21 - 2013-07-19 22:57 - 00000000 ___DC C:\ProgramData\CanonIJPLM
2017-03-05 10:38 - 2012-07-07 10:37 - 00000000 ___DC C:\ProgramData\MFAData
2017-03-05 10:36 - 2009-07-14 16:13 - 00006214 ____C C:\Windows\system32\PerfStringBackup.INI
2017-03-05 10:29 - 2009-07-14 15:45 - 00028720 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-05 10:29 - 2009-07-14 15:45 - 00028720 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-05 07:58 - 2012-07-03 14:49 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-03-05 07:58 - 2012-07-03 14:49 - 00000000 ___DC C:\Windows\system32\Macromed
2017-03-05 07:35 - 2012-09-08 21:46 - 00000000 ___DC C:\ProgramData\Adobe
2017-03-05 07:12 - 2012-07-09 19:55 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-03-05 07:12 - 2012-07-03 17:18 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-03-05 07:12 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-03-01 23:31 - 2012-07-07 10:29 - 00000000 ___DC C:\ProgramData\Yahoo!
2017-03-01 23:31 - 2012-07-07 10:28 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2017-03-01 23:26 - 2012-12-29 21:09 - 00000000 ___DC C:\Users\Jim\AppData\Local\ElevatedDiagnostics
2017-03-01 18:22 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
2017-02-28 16:27 - 2012-06-01 11:13 - 00000000 ___DC C:\Windows\Panther
2017-02-25 01:49 - 2013-08-16 02:04 - 00000000 ___DC C:\Windows\system32\MRT
2017-02-25 01:48 - 2012-07-10 01:06 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 23:27 - 2012-07-10 20:33 - 00000000 ___DC C:\Users\Jim\AppData\Local\Microsoft Games
2017-02-23 19:53 - 2012-07-08 23:53 - 00001222 ____C C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
2017-02-22 13:39 - 2014-12-13 20:36 - 00002151 ____C C:\Users\Public\Desktop\Google Earth.lnk
2017-02-22 13:39 - 2014-12-13 20:35 - 00000000 ___DC C:\Program Files (x86)\Google
2017-02-22 07:28 - 2012-07-09 20:04 - 00000000 ___DC C:\Users\Jim\AppData\Local\Google
2017-02-12 08:44 - 2009-07-14 15:57 - 00001547 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-12 08:43 - 2009-07-14 15:45 - 00352528 ____C C:\Windows\system32\FNTCACHE.DAT
2017-02-12 08:42 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism
2017-02-12 08:42 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\system32\Dism
2017-02-12 08:42 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2017-02-11 21:28 - 2015-05-15 19:55 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-02-11 21:28 - 2015-01-14 19:02 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-02-11 11:15 - 2014-12-12 21:44 - 00000000 ___DC C:\Windows\system32\appraiser
2017-02-11 11:15 - 2014-05-07 04:00 - 00000000 __SDC C:\Windows\system32\CompatTel
2017-02-11 11:15 - 2012-08-04 11:28 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2017-02-11 11:15 - 2012-08-04 11:28 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2017-02-11 01:03 - 2012-08-04 11:28 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-09 17:24 - 2012-10-27 21:54 - 00000000 ___DC C:\Windows\Minidump
2017-02-09 17:24 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\system32\Msdtc
2017-02-09 01:13 - 2012-07-03 17:18 - 00000000 ___DC C:\Users\UpdatusUser
2017-02-09 00:32 - 2014-12-13 20:35 - 00003330 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-09 00:32 - 2014-12-13 20:35 - 00003202 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-09 00:30 - 2012-07-09 19:55 - 00000000 __RDC C:\Users\Jim
2017-02-08 22:39 - 2014-10-18 18:15 - 00000000 ___DC C:\ProgramData\AVG2015
2017-02-08 22:39 - 2012-07-07 10:41 - 00000000 ___DC C:\Program Files (x86)\AVG
2017-02-08 22:36 - 2014-04-01 19:37 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-02-08 22:36 - 2012-07-07 10:41 - 00000000 __HDC C:\$AVG
 
==================== Files in the root of some directories =======
 
2012-07-22 15:59 - 2012-07-22 15:59 - 0027520 ____C () C:\Users\Jim\AppData\Local\dt.dat
2017-02-23 14:48 - 2017-02-23 21:44 - 0007627 ____C () C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
2012-05-31 17:33 - 2012-05-31 17:33 - 0000109 ____C () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-31 17:32 - 2012-05-31 17:33 - 0000106 ____C () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2012-05-31 17:31 - 2012-05-31 17:32 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-31 17:29 - 2012-05-31 17:31 - 0000106 ____C () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-31 17:33 - 2012-05-31 17:33 - 0000110 ____C () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2012-05-31 17:28 - 2012-05-31 17:29 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
2009-09-12 00:04 - 2009-09-12 00:04 - 0455944 ___RC (Macrovision Corporation) C:\Users\Jim\AppData\Local\Temp\_is4D2B.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 0247808 ____C (AVG Technologies CZ, s.r.o.) C:\Users\Owner\AppData\Local\Temp\avguidx.dll
2012-07-07 10:41 - 2012-07-07 10:41 - 2740320 ____C () C:\Users\Owner\AppData\Local\Temp\CommonInstaller.exe
2012-07-03 14:48 - 2010-02-26 11:45 - 0080896 ____C (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\devcon.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 0692224 ____C () C:\Users\Owner\AppData\Local\Temp\iGearedHelper.dll
2012-07-07 10:41 - 2012-07-07 10:41 - 0163936 ____C () C:\Users\Owner\AppData\Local\Temp\MachineIdCreator.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 10249824 ____C () C:\Users\Owner\AppData\Local\Temp\oi_{A21D0A24-CBD5-44CA-9A4A-76DCD9FA8314}.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 7112288 ____C () C:\Users\Owner\AppData\Local\Temp\ToolbarInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2012-07-03 15:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Jim (05-03-2017 12:16:41)
Running from C:\Users\Jim\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-03 03:17:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3716940813-2614047019-3014684930-500 - Administrator - Disabled)
Guest (S-1-5-21-3716940813-2614047019-3014684930-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3716940813-2614047019-3014684930-1008 - Limited - Enabled)
Jim (S-1-5-21-3716940813-2614047019-3014684930-1006 - Administrator - Enabled) => C:\Users\Jim
Owner (S-1-5-21-3716940813-2614047019-3014684930-1002 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-3716940813-2614047019-3014684930-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2604 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4617 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3117 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2918 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1111 - CyberLink Corp.)
Digimax V (HKLM-x32\...\{FC483A2D-E281-4282-94F8-A4C2E7CCD687}) (Version:  - )
Digimax Viewer 2.0 (HKLM-x32\...\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.105 - Etron Technology) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
G3 Manager (HKLM-x32\...\{8D9E93D2-049D-4E9D-B263-13216E20EF1F}) (Version: 1.00.0000 - )
G3 Manager (x32 Version: 1.00.0000 - DECA System) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software (HKLM-x32\...\{4A9849CA-E11C-4F24-8BB1-97C717A1C898}) (Version: 1.18.1.1 - LightScribe)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NavDesk 2009 (HKLM-x32\...\{F5F1B66A-F117-427C-98C7-D4732F49BEBF}) (Version: 6.20.211 - Navman Technologies NZ Ltd)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}) (Version: 3.1.4.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
ReboundAlert (HKLM-x32\...\ReboundAlert) (Version: 2.5.86 - WebAppTech Coding, LLC)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinFast Multimedia Driver Installation  (HKLM-x32\...\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}) (Version:  - Multimedia)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05E55333-2A96-4E22-8524-98635A13FD93} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {4B6577FD-6D5A-4A15-BCFB-D14DE25CAE7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {711EB444-D5AF-41FB-861C-608E26CC732F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {763CBF87-73CE-4B75-AF12-26C10BA5D7E1} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe 
Task: {7951D8AF-6AEB-408C-BBF1-2813805CDD21} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3716940813-2614047019-3014684930-1006
Task: {9BDC1E02-C8CC-4911-AC9B-CAB731431538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {E12638C1-0E7A-4791-A9E4-C87A251E85BA} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-13] (WinZip)
Task: {F6FF76A7-C9C3-4BE0-B6EB-DCF21C2E49DD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-13] (WinZip Computing, S.L.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Public\Desktop\Windows Recovery Activation.lnk -> C:\Windows\oem\boottore.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-03 17:18 - 2013-06-21 21:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-19 23:03 - 2010-04-06 06:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-05-31 17:31 - 2009-07-17 18:13 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-03-31 01:52 - 2003-03-20 11:53 - 00626688 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
2009-01-27 22:37 - 2009-01-27 22:37 - 02023424 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 07331840 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-31 01:52 - 1998-11-20 18:44 - 00051712 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stwa.dll
2013-03-31 01:52 - 2003-01-22 21:21 - 00253952 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\impexp97.dll
2013-03-31 01:52 - 1999-07-05 19:07 - 00223232 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stwablt.dll
2013-03-31 01:52 - 1996-11-14 11:26 - 00079872 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STXFORM.dll
2013-03-31 01:52 - 1999-04-27 11:22 - 00107520 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stfrg.dll
2013-03-31 01:52 - 1999-09-20 21:12 - 00133632 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stapi.dll
2012-05-31 17:28 - 2007-04-10 16:01 - 08357424 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2009-04-30 12:05 - 2009-04-30 12:05 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-04-30 12:08 - 2009-04-30 12:08 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-02-09 00:34 - 2017-02-09 00:34 - 48920064 ____C () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2017-03-01 23:30 - 00000826 ___AC C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 61.9.195.193 - 61.9.194.49
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: EaseUS Cleanup => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3FDD206B-70EF-42DC-BF05-FB68BEE467F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{83AD98D0-C0DC-4526-B4E8-E36788D6C101}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8C8D588B-631E-406C-9C69-613C726A3280}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{FFBFFE18-2552-4021-B8E7-C106E254F5D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{853F05DD-CB0A-40A9-BB68-9B597D2AC73C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0BFC4093-7021-451F-8547-EFB9AD1F072E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A209B7FF-CF96-4491-AB6F-9B877B8C41F3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1C0DFD0E-26A3-48F0-B7B6-0A3126836062}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{19D29B2A-4450-4591-B92A-BA100A7E6778}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{AAF34BC1-5095-47F0-8BD4-C0DCB3B4A812}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9CB0DF80-9AB7-4FF6-B7CC-A878B4098F9F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0AE3CED2-1BD4-4CD5-8940-B5A265D1D94E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7B4AD209-9201-4C9E-8035-5BF515C45DF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6B8ADDFB-8329-4925-B55D-C7BE94BC5607}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B878C2F8-4675-4661-94C7-19816DA19034}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{995AB49C-B5EC-4BC8-BEE0-14E6FC800291}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B1DFFE23-5147-42CF-AA8C-3E640C013FB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4BAE81ED-4DCE-4ADC-AA1C-9A053EAA3D05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E8A878EE-6577-48AF-BAF1-37D0F6FE0E8C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8760E483-EBE7-433B-8759-C6218D8575D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{63CA2404-B5ED-448A-A7F8-9331422BF559}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3390EE9C-8F76-424A-9C03-19FB867EF1D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6D158F5B-B6D7-4E12-A558-5568EE41AF18}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{538B1B5B-46C8-48A8-AA62-F8EA4D1872DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2017 10:36:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/05/2017 10:36:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/05/2017 07:56:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Adobe Acrobat Reader DC.; Error = 0x80070422).
 
Error: (03/05/2017 07:56:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Adobe Acrobat Reader DC.; Error = 0x80070422).
 
Error: (03/05/2017 07:17:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/05/2017 07:17:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/05/2017 07:14:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/04/2017 07:54:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/04/2017 07:54:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/04/2017 07:49:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/05/2017 07:38:35 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
 
Error: (03/05/2017 07:12:50 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/05/2017 07:12:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/05/2017 07:12:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (03/05/2017 07:12:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (03/04/2017 08:01:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/04/2017 08:00:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (03/04/2017 07:49:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/04/2017 07:49:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/04/2017 07:49:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error: 
The system cannot find the path specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-05 07:12:44.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-05 07:12:44.881
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 19:47:55.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 19:47:55.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 11:03:59.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 11:03:59.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 19:29:07.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 19:29:07.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 17:59:01.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 17:59:01.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16365.25 MB
Available physical RAM: 13679.24 MB
Total Virtual: 32728.68 MB
Available Virtual: 29983.19 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:219.86 GB) (Free:155.22 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1370.32 GB) NTFS
Drive e: (WinRE) (Fixed) (Total:7.81 GB) (Free:3.05 GB) NTFS
Drive l: (Elements) (Fixed) (Total:931.48 GB) (Free:188.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 15415647)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: B8B5477E)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
 
========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 93486964)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Jim (05-03-2017 12:16:41)
Running from C:\Users\Jim\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-03 03:17:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3716940813-2614047019-3014684930-500 - Administrator - Disabled)
Guest (S-1-5-21-3716940813-2614047019-3014684930-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3716940813-2614047019-3014684930-1008 - Limited - Enabled)
Jim (S-1-5-21-3716940813-2614047019-3014684930-1006 - Administrator - Enabled) => C:\Users\Jim
Owner (S-1-5-21-3716940813-2614047019-3014684930-1002 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-3716940813-2614047019-3014684930-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2604 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4617 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3117 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2918 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1111 - CyberLink Corp.)
Digimax V (HKLM-x32\...\{FC483A2D-E281-4282-94F8-A4C2E7CCD687}) (Version:  - )
Digimax Viewer 2.0 (HKLM-x32\...\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.105 - Etron Technology) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
G3 Manager (HKLM-x32\...\{8D9E93D2-049D-4E9D-B263-13216E20EF1F}) (Version: 1.00.0000 - )
G3 Manager (x32 Version: 1.00.0000 - DECA System) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software (HKLM-x32\...\{4A9849CA-E11C-4F24-8BB1-97C717A1C898}) (Version: 1.18.1.1 - LightScribe)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NavDesk 2009 (HKLM-x32\...\{F5F1B66A-F117-427C-98C7-D4732F49BEBF}) (Version: 6.20.211 - Navman Technologies NZ Ltd)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}) (Version: 3.1.4.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
ReboundAlert (HKLM-x32\...\ReboundAlert) (Version: 2.5.86 - WebAppTech Coding, LLC)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinFast Multimedia Driver Installation  (HKLM-x32\...\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}) (Version:  - Multimedia)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05E55333-2A96-4E22-8524-98635A13FD93} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {4B6577FD-6D5A-4A15-BCFB-D14DE25CAE7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {711EB444-D5AF-41FB-861C-608E26CC732F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {763CBF87-73CE-4B75-AF12-26C10BA5D7E1} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe 
Task: {7951D8AF-6AEB-408C-BBF1-2813805CDD21} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3716940813-2614047019-3014684930-1006
Task: {9BDC1E02-C8CC-4911-AC9B-CAB731431538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {E12638C1-0E7A-4791-A9E4-C87A251E85BA} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-13] (WinZip)
Task: {F6FF76A7-C9C3-4BE0-B6EB-DCF21C2E49DD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-13] (WinZip Computing, S.L.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Public\Desktop\Windows Recovery Activation.lnk -> C:\Windows\oem\boottore.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-03 17:18 - 2013-06-21 21:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-19 23:03 - 2010-04-06 06:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-05-31 17:31 - 2009-07-17 18:13 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-03-31 01:52 - 2003-03-20 11:53 - 00626688 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
2009-01-27 22:37 - 2009-01-27 22:37 - 02023424 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 07331840 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-31 01:52 - 1998-11-20 18:44 - 00051712 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stwa.dll
2013-03-31 01:52 - 2003-01-22 21:21 - 00253952 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\impexp97.dll
2013-03-31 01:52 - 1999-07-05 19:07 - 00223232 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stwablt.dll
2013-03-31 01:52 - 1996-11-14 11:26 - 00079872 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STXFORM.dll
2013-03-31 01:52 - 1999-04-27 11:22 - 00107520 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stfrg.dll
2013-03-31 01:52 - 1999-09-20 21:12 - 00133632 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stapi.dll
2012-05-31 17:28 - 2007-04-10 16:01 - 08357424 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2009-04-30 12:05 - 2009-04-30 12:05 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-04-30 12:08 - 2009-04-30 12:08 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-02-09 00:34 - 2017-02-09 00:34 - 48920064 ____C () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2017-03-01 23:30 - 00000826 ___AC C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 61.9.195.193 - 61.9.194.49
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: EaseUS Cleanup => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3FDD206B-70EF-42DC-BF05-FB68BEE467F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{83AD98D0-C0DC-4526-B4E8-E36788D6C101}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8C8D588B-631E-406C-9C69-613C726A3280}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{FFBFFE18-2552-4021-B8E7-C106E254F5D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{853F05DD-CB0A-40A9-BB68-9B597D2AC73C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0BFC4093-7021-451F-8547-EFB9AD1F072E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A209B7FF-CF96-4491-AB6F-9B877B8C41F3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1C0DFD0E-26A3-48F0-B7B6-0A3126836062}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{19D29B2A-4450-4591-B92A-BA100A7E6778}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{AAF34BC1-5095-47F0-8BD4-C0DCB3B4A812}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9CB0DF80-9AB7-4FF6-B7CC-A878B4098F9F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0AE3CED2-1BD4-4CD5-8940-B5A265D1D94E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7B4AD209-9201-4C9E-8035-5BF515C45DF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6B8ADDFB-8329-4925-B55D-C7BE94BC5607}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B878C2F8-4675-4661-94C7-19816DA19034}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{995AB49C-B5EC-4BC8-BEE0-14E6FC800291}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B1DFFE23-5147-42CF-AA8C-3E640C013FB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4BAE81ED-4DCE-4ADC-AA1C-9A053EAA3D05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E8A878EE-6577-48AF-BAF1-37D0F6FE0E8C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8760E483-EBE7-433B-8759-C6218D8575D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{63CA2404-B5ED-448A-A7F8-9331422BF559}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3390EE9C-8F76-424A-9C03-19FB867EF1D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6D158F5B-B6D7-4E12-A558-5568EE41AF18}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{538B1B5B-46C8-48A8-AA62-F8EA4D1872DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2017 10:36:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/05/2017 10:36:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/05/2017 07:56:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Adobe Acrobat Reader DC.; Error = 0x80070422).
 
Error: (03/05/2017 07:56:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Adobe Acrobat Reader DC.; Error = 0x80070422).
 
Error: (03/05/2017 07:17:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/05/2017 07:17:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/05/2017 07:14:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/04/2017 07:54:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/04/2017 07:54:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/04/2017 07:49:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/05/2017 07:38:35 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
 
Error: (03/05/2017 07:12:50 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/05/2017 07:12:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/05/2017 07:12:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (03/05/2017 07:12:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (03/04/2017 08:01:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/04/2017 08:00:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (03/04/2017 07:49:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/04/2017 07:49:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/04/2017 07:49:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error: 
The system cannot find the path specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-05 07:12:44.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-05 07:12:44.881
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 19:47:55.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 19:47:55.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 11:03:59.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-04 11:03:59.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 19:29:07.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 19:29:07.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 17:59:01.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-02 17:59:01.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16365.25 MB
Available physical RAM: 13679.24 MB
Total Virtual: 32728.68 MB
Available Virtual: 29983.19 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:219.86 GB) (Free:155.22 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1370.32 GB) NTFS
Drive e: (WinRE) (Fixed) (Total:7.81 GB) (Free:3.05 GB) NTFS
Drive l: (Elements) (Fixed) (Total:931.48 GB) (Free:188.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 15415647)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: B8B5477E)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
 
========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 93486964)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 

  • 0

#3
jimxx7


    Member

  • Topic Starter
  • Member
  • 79 posts

As requested - System Processes File:

 

**********************************

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.67 0 K 24 K 0
procexp64.exe 0.68 36,840 K 55,536 K 5476 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.26 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.10 1,016 K 2,788 K 4
dwm.exe 0.07 69,488 K 125,980 K 4192 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.05 69,456 K 84,328 K 6996 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.04 35,496 K 52,040 K 2312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.03 7,196 K 10,996 K 1976 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
STImgBrowser.exe 0.02 7,896 K 28,428 K 4932 STImgBrowser MFC Application (No signature was present in the subject) 
svchost.exe 0.01 6,064 K 11,168 K 1336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.01 2,808 K 5,116 K 1552 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.01 36,112 K 76,904 K 4284 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 82,456 K 134,892 K 2576 Google Chrome Google Inc. (Verified) Google Inc
avgwdsvca.exe 0.01 21,640 K 41,956 K 3180 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
IBurn.exe 0.01 3,208 K 8,972 K 5152 InstantBurn UDF Tool CyberLink Corporation. (Verified) CyberLink
avgidsagenta.exe < 0.01 38,260 K 56,840 K 2956 AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
csrss.exe < 0.01 20,032 K 23,848 K 1944 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
CLMLSvc.exe < 0.01 5,468 K 10,228 K 5260 CyberLink MediaLibray Service CyberLink (Verified) CyberLink
WUDFHost.exe < 0.01 3,060 K 7,120 K 5212 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
PDVD8Serv.exe < 0.01 2,028 K 6,020 K 5296 PowerDVD RC Service CyberLink Corp. (Verified) CyberLink
WzPreloader.exe < 0.01 14,328 K 13,192 K 4964 WinZip Preloader WinZip Computing, S.L. (Verified) WinZip Computing LLC
svchost.exe < 0.01 169,700 K 179,364 K 2232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 10,052 K 16,540 K 6008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 30,204 K 17,004 K 4924 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
daemonu.exe < 0.01 29,400 K 35,564 K 3456 NVIDIA Settings Update Manager NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe < 0.01 17,996 K 19,188 K 2632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 11,092 K 17,928 K 2272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,412 K 18,720 K 6388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 6,776 K 14,008 K 2728 NVIDIA Driver Helper Service, Version 320.49 NVIDIA Corporation (Verified) NVIDIA Corporation
avgui.exe < 0.01 11,232 K 12,192 K 5648 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
LSSrvc.exe < 0.01 1,544 K 4,688 K 3288 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
schedul2.exe < 0.01 3,208 K 6,532 K 2400 Acronis Scheduler 2 Acronis (Verified) Acronis
wmpnetwk.exe 15,200 K 13,088 K 6004 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,672 K 7,504 K 6616 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 4,252 K 8,624 K 2132 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 2,128 K 5,208 K 1916 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
ViakaraokeSrv.exe 2,164 K 5,172 K 3768 Service binary VIA Technologies, Inc. (Verified) VIA Technologies Inc.
taskhost.exe 10,428 K 12,288 K 5000 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,420 K 6,160 K 3732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 20,872 K 23,912 K 2192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,156 K 10,024 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,556 K 17,220 K 3028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,828 K 3,632 K 7452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,300 K 5,004 K 4608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,964 K 13,944 K 3212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,732 K 13,460 K 2996 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 764 K 1,448 K 572 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RichVideo.exe 1,412 K 4,632 K 3704 RichVideo Module (Certificate expired) 
procexp.exe 6,764 K 9,336 K 4080 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PMBDeviceInfoProvider.exe 1,664 K 4,944 K 3568 Device Information Provider Sony Corporation (Verified) Sony Corporation
nvxdsync.exe 10,724 K 21,552 K 2552 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 3,680 K 8,156 K 1864 NVIDIA Driver Helper Service, Version 320.49 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe 7,376 K 15,608 K 5764 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
NvTmru.exe 4,480 K 8,768 K 2592 NVIDIA NvTmru Application NVIDIA Corporation (Verified) NVIDIA Corporation
nvSCPAPISvr.exe 2,944 K 6,220 K 1348 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
nusb3mon.exe 2,788 K 6,616 K 5424 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
mscorsvw.exe 3,708 K 5,932 K 7220 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Dynamic Code Publisher
mscorsvw.exe 5,396 K 6,908 K 7240 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Dynamic Code Publisher
lsm.exe 3,292 K 5,004 K 2016 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,472 K 12,796 K 2004 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LightScribeControlPanel.exe 4,768 K 11,928 K 4836 Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
ijplmsvc.exe 1,160 K 3,900 K 3248 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
GoogleCrashHandler64.exe 2,260 K 784 K 2584 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 2,088 K 588 K 4704 Google Crash Handler Google Inc. (Verified) Google Inc
ctfmon.exe 3,216 K 820 K 7048 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 70,044 K 77,192 K 6924 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,260 K 5,080 K 6652 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,816 K 6,872 K 7584 Google Chrome Google Inc. (Verified) Google Inc
brs.exe 1,688 K 4,684 K 5376 brs cyberlink (Verified) CyberLink
BJMYPRT.EXE 3,444 K 6,804 K 4820 Canon My Printer CANON INC. (Verified) Canon Inc.
avguix.exe 16,008 K 15,892 K 5720 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgsvca.exe 10,040 K 26,732 K 2064 AVG Service Process AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgrsa.exe 20,424 K 36,992 K 792 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgnsa.exe 12,448 K 21,516 K 4376 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgemca.exe 3,692 K 9,428 K 4388 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgcsrva.exe 19,384 K 156,852 K 920 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
audiodg.exe 14,940 K 15,604 K 7992 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 2,344 K 5,180 K 2108 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 3,204 K 7,396 K 2500 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
afcdpsrv.exe 3,332 K 7,348 K 2676 File Level CDP Manager Service Acronis (Verified) Acronis

  • 0

#4
jimxx7


    Member

  • Topic Starter
  • Member
  • 79 posts
Services as requested:
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       572 N/A                                         
avgrsa.exe                     792 N/A                                         
avgcsrva.exe                   920 N/A                                         
csrss.exe                     1552 N/A                                         
wininit.exe                   1916 N/A                                         
csrss.exe                     1944 N/A                                         
services.exe                  1976 N/A                                         
lsass.exe                     2004 KeyIso, SamSs                               
lsm.exe                       2016 N/A                                         
svchost.exe                   1336 DcomLaunch, PlugPlay, Power                 
nvvsvc.exe                    1864 nvsvc                                       
nvSCPAPISvr.exe               1348 Stereo Service                              
svchost.exe                   1288 RpcEptMapper, RpcSs                         
atiesrxx.exe                  2108 AMD External Events Utility                 
winlogon.exe                  2132 N/A                                         
svchost.exe                   2192 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   2232 AudioEndpointBuilder, hidserv,              
                                   HomeGroupListener, Netman, PcaSvc, SysMain, 
                                   TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc 
svchost.exe                   2272 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost                         
svchost.exe                   2312 AeLookupSvc, BITS, Browser, EapHost, gpsvc, 
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   Winmgmt, wuauserv                           
atieclxx.exe                  2500 N/A                                         
nvxdsync.exe                  2552 N/A                                         
svchost.exe                   2632 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
nvvsvc.exe                    2728 N/A                                         
spoolsv.exe                   2996 Spooler                                     
svchost.exe                   3028 BFE, DPS, MpsSvc                            
schedul2.exe                  2400 AcrSch2Svc                                  
afcdpsrv.exe                  2676 afcdpsrv                                    
avgidsagenta.exe              2956 AVGIDSAgent                                 
avgsvca.exe                   2064 avgsvc                                      
avgwdsvca.exe                 3180 avgwd                                       
svchost.exe                   3212 DiagTrack                                   
ijplmsvc.exe                  3248 IJPLMSVC                                    
LSSrvc.exe                    3288 LightScribeService                          
daemonu.exe                   3456 nvUpdatusService                            
PMBDeviceInfoProvider.exe     3568 PMBDeviceInfoProvider                       
RichVideo.exe                 3704 RichVideo                                   
svchost.exe                   3732 stisvc                                      
ViakaraokeSrv.exe             3768 VIAKaraokeService                           
avgnsa.exe                    4376 N/A                                         
avgemca.exe                   4388 N/A                                         
taskhost.exe                  5000 N/A                                         
dwm.exe                       4192 N/A                                         
explorer.exe                  4284 N/A                                         
GoogleCrashHandler.exe        4704 N/A                                         
GoogleCrashHandler64.exe      2584 N/A                                         
NvTmru.exe                    2592 N/A                                         
BJMYPRT.EXE                   4820 N/A                                         
LightScribeControlPanel.e     4836 N/A                                         
STImgBrowser.exe              4932 N/A                                         
WzPreloader.exe               4964 N/A                                         
IBurn.exe                     5152 N/A                                         
CLMLSvc.exe                   5260 N/A                                         
PDVD8Serv.exe                 5296 N/A                                         
brs.exe                       5376 N/A                                         
nusb3mon.exe                  5424 N/A                                         
avgui.exe                     5648 N/A                                         
avguix.exe                    5720 N/A                                         
nvtray.exe                    5764 N/A                                         
svchost.exe                   6008 FDResPub, SSDPSRV, upnphost                 
WUDFHost.exe                  5212 N/A                                         
SearchIndexer.exe             4924 WSearch                                     
wmpnetwk.exe                  6004 WMPNetworkSvc                               
svchost.exe                   6388 p2pimsvc, p2psvc, PNRPsvc                   
ctfmon.exe                    7048 N/A                                         
mscorsvw.exe                  7220 clr_optimization_v4.0.30319_32              
mscorsvw.exe                  7240 clr_optimization_v4.0.30319_64              
svchost.exe                   4608 SDRSVC                                      
chrome.exe                    2576 N/A                                         
chrome.exe                    6652 N/A                                         
chrome.exe                    7584 N/A                                         
chrome.exe                    6924 N/A                                         
chrome.exe                    6996 N/A                                         
procexp.exe                   4080 N/A                                         
procexp64.exe                 5476 N/A                                         
chrome.exe                    7576 N/A                                         
audiodg.exe                   4768 N/A                                         
notepad.exe                   6916 N/A                                         
svchost.exe                   6756 WerSvc                                      
cmd.exe                       6588 N/A                                         
conhost.exe                   6780 N/A                                         
tasklist.exe                  7272 N/A                                         
WmiPrvSE.exe                  5996 N/A                                         


#5
jimxx7


    Member

  • Topic Starter
  • 79 posts

Speccy output attached




#6
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Temps look a bit high in Speccy but it hasn't been very accurate recently so get a second opinion from Speedfan:

 

 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps in real time, though the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure, then click on the highest temp and check Show in tray.
 
I expect the problem is WMI, based on the errors I see.
 
Get Windows Repair All In One from:
 
 
 
Download it and save it, then run it by right clicking and Run As Admin.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure just these 2 are checked before hitting Start:
 
 
Register System Files
Repair WMI
 
 
Reboot when done and run VEW:
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 


#7
jimxx7


    Member

  • Topic Starter
  • 79 posts
System Logfile
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/03/2017 9:56:51 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/02/2017 9:31:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 23/02/2017 2:49:17 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 21/02/2017 9:10:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 09/02/2017 8:14:13 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 08/02/2017 2:13:36 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 08/02/2017 1:29:48 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 09/05/2015 12:48:20 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 09/05/2015 9:34:59 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 04/05/2015 4:34:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 24/04/2015 10:28:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 11/04/2015 8:36:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 24/03/2015 11:04:41 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 22/03/2015 6:05:06 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 21/03/2015 2:48:17 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 20/03/2015 10:24:08 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 19/03/2015 11:33:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 16/03/2015 7:03:31 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/03/2015 9:48:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 22/02/2015 8:49:50 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/02/2015 10:38:53 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/03/2017 10:40:17 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
 
Log: 'System' Date/Time: 09/03/2017 10:40:12 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
 
Log: 'System' Date/Time: 09/03/2017 10:40:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.01 service failed to start due to the following error:  The system cannot find the path specified.
 
Log: 'System' Date/Time: 09/03/2017 10:40:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AMD FUEL Service service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 09/03/2017 10:36:33 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 09/03/2017 10:30:08 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 09/03/2017 10:30:07 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Log: 'System' Date/Time: 09/03/2017 10:30:07 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Log: 'System' Date/Time: 09/03/2017 10:30:06 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Log: 'System' Date/Time: 09/03/2017 10:30:01 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 09/03/2017 10:29:54 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  AsIO Avgdiska AVGIDSDriver Avgldx64 Avgloga avguniva discache spldr Wanarpv6
 
Log: 'System' Date/Time: 09/03/2017 10:29:53 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
 
Log: 'System' Date/Time: 09/03/2017 10:29:04 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
 
Log: 'System' Date/Time: 09/03/2017 10:29:00 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 09/03/2017 10:21:05 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
 
Log: 'System' Date/Time: 09/03/2017 10:20:59 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
 
Log: 'System' Date/Time: 09/03/2017 10:20:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.01 service failed to start due to the following error:  The system cannot find the path specified.
 
Log: 'System' Date/Time: 09/03/2017 10:20:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AMD FUEL Service service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 09/03/2017 10:19:49 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 09/03/2017 10:19:13 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/03/2017 10:40:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#.
 
Log: 'System' Date/Time: 09/03/2017 10:40:20 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 09/03/2017 10:40:04 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\BTHUSB failed to load for the device USB\VID_0DB0&PID_A871\6&788acb3&0&2.
 
Log: 'System' Date/Time: 09/03/2017 10:39:15 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/03/2017 10:30:03 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 09/03/2017 10:29:06 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/03/2017 10:21:19 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#.
 
Log: 'System' Date/Time: 09/03/2017 10:21:06 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 09/03/2017 10:20:59 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\BTHUSB failed to load for the device USB\VID_0DB0&PID_A871\6&788acb3&0&2.
 
Log: 'System' Date/Time: 09/03/2017 10:19:49 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/03/2017 10:07:27 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#.
 
Log: 'System' Date/Time: 09/03/2017 10:07:26 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 09/03/2017 10:05:57 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\BTHUSB failed to load for the device USB\VID_0DB0&PID_A871\6&788acb3&0&2.
 
Log: 'System' Date/Time: 09/03/2017 10:04:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/03/2017 8:38:24 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#.
 
Log: 'System' Date/Time: 09/03/2017 8:38:22 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 09/03/2017 8:38:06 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\BTHUSB failed to load for the device USB\VID_0DB0&PID_A871\6&788acb3&0&2.
 
Log: 'System' Date/Time: 09/03/2017 8:35:59 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/03/2017 7:51:37 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#.
 
Log: 'System' Date/Time: 09/03/2017 7:51:35 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.


#8
jimxx7


    Member

  • Topic Starter
  • 79 posts

Application Logfile 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/03/2017 9:59:23 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/03/2017 10:40:22 AM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
Log: 'Application' Date/Time: 09/03/2017 10:40:22 AM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
Log: 'Application' Date/Time: 09/03/2017 10:38:22 AM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:38:22 AM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:52 AM
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider NVIDIA|NVWMI|EVENTS|2.0 attempted to register query "select * from ThermalEvent" whose target class "ThermalEvent" in //./root/cimv2/NV/Events namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:52 AM
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider NVIDIA|NVWMI|EVENTS|2.0 attempted to register query "select * from CoolerEvent" whose target class "CoolerEvent" in //./root/cimv2/NV/Events namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:52 AM
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from ThermalEvent" whose target class "ThermalEvent" in //./root/cimv2/NV/Events namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:52 AM
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CoolerEvent" whose target class "CoolerEvent" in //./root/cimv2/NV/Events namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:32 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:32 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 09/03/2017 10:31:38 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 09/03/2017 10:31:31 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:31:31 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 09/03/2017 10:25:28 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:25:28 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 09/03/2017 10:22:34 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:22:34 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 09/03/2017 10:22:19 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 09/03/2017 10:13:47 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 09/03/2017 10:13:47 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/03/2017 10:40:13 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:C:/Program Files (x86)/Microsoft Office/Office14/Visio Content/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
The object was not found.  (HRESULT : 0x80041201) (0x80041201)
 
 
Log: 'Application' Date/Time: 09/03/2017 10:39:15 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 09/03/2017 10:39:14 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 09/03/2017 10:38:22 AM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET CLR Networking 4.0.0.0 service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 09/03/2017 10:38:22 AM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET Data Provider for Oracle service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:10 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:10 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:02 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:02 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:01 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:01 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:00 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:00 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:00 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:35:00 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 09/03/2017 10:34:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


#9
RKinner

    Malware Expert

What temps did you see from Speedfan?

You apparently have two nvidia cards.  What wattage is your power supply?

Uninstall:

Java 8 Update 31, which is not the latest.
Java has been very vulnerable to infection, so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:

Save it to your PC, then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest, then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall:

ReboundAlert
Search Protect

Let's run a fixlist to clean up some deadwood:

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

Could you make a new Speccy log?  You have a Seagate drive and like all Seagate drives it is throwing a lot of errors, but it seems to be getting an abnormal lot of Command Timeouts.  I want to see if they are increasing.


#10
jimxx7

    Member

  • Topic Starter

Firstly RKinner with all the pasting log results I haven't taken the time to say thank you... so

THANKS MATE !!!

 

Here is the Speedfan result:

CPU - 43
Volt Reg - 39
Mem DIMM - 41
PCH - 55
GPU - 36
HD 0 - 34
HD 1 - 29
Core 0 - 41




#11
jimxx7

    Member

  • Topic Starter
FIXLOG added:
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Jim (11-03-2017 18:13:58) Run:1
Running from C:\Users\Jim\Desktop
Loaded Profiles: UpdatusUser & Jim (Available Profiles: Owner & UpdatusUser & Jim)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: del /a /q c:\windows\prefetch\*.pf
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\RunOnce: [Application Restart #1] => C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- hxxp://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3dv%3d1%26n%3d (the data entry has 650 more characters).
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\MountPoints2: {ea9ab89e-12a9-11e3-a6bd-6c626d1c8a0d} - L:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\..\Interfaces\{76815806-ADC5-4682-A3BF-DA909BCDA368}: [DhcpNameServer] 127.0.0.1
SearchScopes: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=8C5BCB5D-5324-48D8-9F63-47771BF8B5D8&apn_sauid=A39BE3C8-04E8-4499-B053-C91BE84780A0
BHO-x32: ReboundAlert -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\Program Files (x86)\ReboundAlert\IE\common.dll [2013-02-22] (WebAppTech Coding, LLC)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Extension: (ReboundAlert) - C:\Program Files (x86)\ReboundAlert\Firefox [2013-03-11] [not signed]
FF HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\ReboundAlert\Firefox
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll => No File
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Users\Jim\AppData\Local\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx <not found>
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {7951D8AF-6AEB-408C-BBF1-2813805CDD21} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3716940813-2614047019-3014684930-1006
CMD:  type C:\Windows\oem\boottore.bat 
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /s
C:\Program Files\McAfee Security Scan
unlock: C:/Program Files (x86)/Microsoft Office/Office14/Visio Content
CMD: sc config wudfsvc start=auto
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
reboot:
 
 
 
*****************
 
 
========= del /a /q c:\windows\prefetch\*.pf =========
 
 
========= End of CMD: =========
 
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea9ab89e-12a9-11e3-a6bd-6c626d1c8a0d} => key removed successfully
HKCR\CLSID\{ea9ab89e-12a9-11e3-a6bd-6c626d1c8a0d} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76815806-ADC5-4682-A3BF-DA909BCDA368}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key removed successfully
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} => key not found. 
HKCR\Wow6432Node\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key removed successfully
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKCR\PROTOCOLS\Handler\linkscanner => key not found. 
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. 
C:\Program Files (x86)\ReboundAlert\Firefox => not found.
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Software\Mozilla\Firefox\Extensions\\[email protected] => value not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => key removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll => not found.
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej => key removed successfully
HKLM\System\CurrentControlSet\Services\AMD FUEL Service => key removed successfully
AMD FUEL Service => service removed successfully
HKLM\System\CurrentControlSet\Services\AODDriver4.01 => key removed successfully
AODDriver4.01 => service removed successfully
HKLM\System\CurrentControlSet\Services\BTCFilterService => key removed successfully
BTCFilterService => service removed successfully
HKLM\System\CurrentControlSet\Services\motccgp => key removed successfully
motccgp => service removed successfully
HKLM\System\CurrentControlSet\Services\motccgpfl => key removed successfully
motccgpfl => service removed successfully
HKLM\System\CurrentControlSet\Services\MotoSwitchService => key removed successfully
MotoSwitchService => service removed successfully
HKLM\System\CurrentControlSet\Services\Motousbnet => key removed successfully
Motousbnet => service removed successfully
HKLM\System\CurrentControlSet\Services\motusbdevice => key removed successfully
motusbdevice => service removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7951D8AF-6AEB-408C-BBF1-2813805CDD21} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7951D8AF-6AEB-408C-BBF1-2813805CDD21} => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3716940813-2614047019-3014684930-1006 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3716940813-2614047019-3014684930-1006 => key removed successfully
 
========= type C:\Windows\oem\boottore.bat =========
 
title Windows Recovery Activation
@ECHO OFF
color F9
cls
echo.
echo.
echo    ********************************************************
echo    *                                                      *
echo    * Windows Recovery Environment (WinRE) is an emergency *
echo    * bootable partition that can be used to restore the   *
echo    * system back to its original Windows 7 factory state  *
echo    * and provide extra advanced options such as Windows   *
echo    * backup and Microsoft recovery options (memory test,  *
echo    * Windows setup, System Restore and more).             *
echo    *                                                      *
echo    * Warning - advanced recovery options is only          *
echo    *           recommended for experienced users!!!       *
echo    *                                                      *
echo    ********************************************************
echo.
ECHO  Do you want to enable - Windows Recovery Environment (WinRE) boot
ECHO.
ECHO.
c:\windows\System32\CHOICE.EXE /C YN /N /M "   Please Select Y/N: "
IF ERRORLEVEL 2 GOTO END
 
color CF
cls
ECHO.
ECHO.
ECHO    *********************************************************
ECHO    *                                                       *
ECHO    * Warning - Selecting YES will force the system to boot *
ECHO    * into the emergency WinRE partition the Next time you  *
ECHO    * restart the system!!!                                 *
ECHO    *                                                       *
ECHO    *********************************************************
ECHO.
ECHO    Are you sure you want to enable WinRE boot?
ECHO. 
c:\windows\System32\CHOICE.EXE /C yn /N /M "   Please Select Y/N: "
IF ERRORLEVEL 2 GOTO START
 
color A0
call reagentc /boottore
rem call reagentc /info
cls
echo.
echo.
echo     *******************************************************
echo     *                                                     *
echo     * Windows Recovery Environment (WinRE) is now enabled *
echo     *                                                     *
echo     * It will start after the system is rebooted and will *
echo     *                                                     *
echo     * display the Recovery Menu options for you           *
echo     *                                                     *
echo     *******************************************************
echo.
echo.
pause
 
:END
exit
========= End of CMD: =========
 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /s =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    IconServiceLib    REG_SZ    IconCodecService.dll
    DdeSendTimeout    REG_DWORD    0x0
    DesktopHeapLogging    REG_DWORD    0x1
    GDIProcessHandleQuota    REG_DWORD    0x2710
    ShutdownWarningDialogTimeout    REG_DWORD    0xffffffff
    USERNestedWindowLimit    REG_DWORD    0x32
    USERPostMessageLimit    REG_DWORD    0x2710
    USERProcessHandleQuota    REG_DWORD    0x2710
    (Default)    REG_SZ    mnmsrvc
    DeviceNotSelectedTimeout    REG_SZ    15
    Spooler    REG_SZ    yes
    TransmissionRetryTimeout    REG_SZ    90
    AppInit_DLLs    REG_SZ    
    LoadAppInit_DLLs    REG_DWORD    0x1
 
 
 
========= End of Reg: =========
 
"C:\Program Files\McAfee Security Scan" => not found.
"C:/Program Files (x86)/Microsoft Office/Office14/Visio Content" => not found.
 
========= sc config wudfsvc start=auto =========
 
DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...
 
OPTIONS:
NOTE: The option name includes the equal sign.
      A space is required between the equal sign and the value.
 type= <own|share|interact|kernel|filesys|rec|adapt>
 start= <boot|system|auto|demand|disabled|delayed-auto>
 error= <normal|severe|critical|ignore>
 binPath= <BinaryPathName>
 group= <LoadOrderGroup>
 tag= <yes|no>
 depend= <Dependencies(separated by / (forward slash))>
 obj= <AccountName|ObjectName>
 DisplayName= <display name>
 password= <password>
 
========= End of CMD: =========
 
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 18:14:05 ====


#12
jimxx7

    Member

  • Topic Starter
FRST Log: (Addition Log to follow)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Jim (administrator) on OWNER-PC (11-03-2017 20:26:07)
Running from C:\Users\Jim\Desktop
Loaded Profiles: UpdatusUser & Jim (Available Profiles: Owner & UpdatusUser & Jim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-04] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2008-10-17] (CyberLink Corporation.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-04-30] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-04-29] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-05-25] (CyberLink Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2387968 2009-01-27] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digimax Viewer 2.0.lnk [2013-03-31]
ShortcutTarget: Digimax Viewer 2.0.lnk -> C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-23]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-23]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: autocheck autochk /p \??\L:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49
Tcpip\..\Interfaces\{BE7DBD9A-8CF5-45EE-BB99-67C2A1D540BB}: [DhcpNameServer] 61.9.195.193 61.9.194.49
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
 
FireFox:
========
FF HKU\S-1-5-21-3716940813-2614047019-3014684930-1003\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\ReboundAlert\Firefox => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://isearch.avg.com?cid={420897B4-3090-4DA6-99C7-C4E35DF91734}&mid=cc1113bef9de47d091f4bd2b2bf863fe-10f8a1089b69b7ac31401cb1135c3307a3e569fa&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.9.799&pid=avg&sg=&sap=hp"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Jim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Users\Jim\AppData\Local\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-06] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-01-27] (Hewlett-Packard Company) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-17] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1345536 2010-01-19] (NXP Semiconductors Germany GmbH)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-02-17] (Microsoft Corporation) [File not signed]
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-10-14] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-10-14] (CyberLink Corporation.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-16] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-11 18:13 - 2017-03-11 18:14 - 00018270 ____C C:\Users\Jim\Desktop\Fixlog.txt
2017-03-11 18:13 - 2017-03-11 18:13 - 00000000 ___DC C:\Users\Jim\Desktop\FRST-OlderVersion
2017-03-09 21:56 - 2017-03-09 21:59 - 00015067 ____C C:\VEW.txt
2017-03-09 21:55 - 2017-03-09 21:54 - 00061440 ____C ( ) C:\Users\Jim\Desktop\VEW.exe
2017-03-09 21:54 - 2017-03-09 21:54 - 00000000 ___DC C:\Users\Jim\AppData\Local\VirtualStore
2017-03-09 21:23 - 2017-03-09 21:23 - 00000207 ____C C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
2017-03-09 21:23 - 2017-03-09 21:23 - 00000000 ___DC C:\RegBackup
2017-03-09 19:33 - 2017-03-09 19:33 - 00003650 ____C C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-03-09 19:33 - 2017-03-09 19:33 - 00002170 ____C C:\Users\Jim\Desktop\Tweaking.com - Windows Repair.lnk
2017-03-09 19:33 - 2017-03-09 19:33 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-03-09 19:33 - 2017-03-09 19:33 - 00000000 ___DC C:\Program Files (x86)\Tweaking.com
2017-03-09 19:31 - 2017-03-09 19:33 - 00190904 ____C C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-03-09 19:28 - 2017-03-09 19:27 - 32823032 ____C (Tweaking.com) C:\Users\Jim\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-03-09 19:16 - 2017-03-11 17:28 - 00000000 ___DC C:\Program Files (x86)\SpeedFan
2017-03-09 19:16 - 2017-03-09 19:16 - 00001018 ____C C:\Users\Jim\Desktop\SpeedFan.lnk
2017-03-09 19:16 - 2017-03-09 19:16 - 00000045 ____C C:\Windows\SysWOW64\initdebug.nfo
2017-03-09 19:16 - 2017-03-09 19:16 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-03-09 19:15 - 2017-03-09 19:13 - 03086696 ____C C:\Users\Jim\Desktop\instspeedfan452 (1).exe
2017-03-08 23:34 - 2017-03-08 23:37 - 00242765 ____C C:\Users\Jim\Desktop\OWNER-PC.txt
2017-03-08 23:32 - 2017-03-08 23:32 - 00000803 ____C C:\Users\Public\Desktop\Speccy.lnk
2017-03-08 23:32 - 2017-03-08 23:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-03-08 23:32 - 2017-03-08 23:32 - 00000000 ___DC C:\Program Files\Speccy
2017-03-08 23:31 - 2017-03-08 23:27 - 06293184 ____C (Piriform Ltd) C:\Users\Jim\Desktop\spsetup130.exe
2017-03-08 23:06 - 2017-03-08 23:06 - 00007616 ____C C:\junk.txt
2017-03-08 22:58 - 2017-03-08 22:58 - 00009213 ____C C:\Users\Jim\Desktop\System Idle Process.txt
2017-03-08 22:53 - 2017-03-08 22:52 - 02710688 ____C (Sysinternals - www.sysinternals.com) C:\Users\Jim\Desktop\procexp.exe
2017-03-08 18:54 - 2017-03-08 18:54 - 00000000 ___DC C:\Users\Jim\AppData\Local\AvgSetupLog
2017-03-05 11:58 - 2017-03-11 20:26 - 00017375 ____C C:\Users\Jim\Desktop\FRST.txt
2017-03-05 11:58 - 2017-03-05 12:16 - 00033895 ____C C:\Users\Jim\Desktop\Addition - 1st Time.txt
2017-03-05 11:57 - 2017-03-11 20:26 - 00000000 ___DC C:\FRST
2017-03-05 11:56 - 2017-03-11 18:13 - 02423808 ____C (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2017-03-05 07:48 - 2017-03-05 07:48 - 00000000 __RDC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures - Shortcut
2017-03-05 07:35 - 2017-03-05 07:57 - 00000000 ___DC C:\Program Files (x86)\Adobe
2017-03-01 23:26 - 2017-03-01 23:26 - 00000000 ___DC C:\Windows\pss
2017-02-23 21:59 - 2017-02-23 22:17 - 00001941 ___HC C:\Windows\EPMBatch.ept
2017-02-23 21:35 - 2017-02-23 21:35 - 00003508 ____C C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-02-23 21:35 - 2017-02-23 21:35 - 00003396 ____C C:\Windows\System32\Tasks\WinZip Update Notifier
2017-02-23 21:35 - 2017-02-23 21:35 - 00002347 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00002324 ____C C:\ProgramData\Microsoft\Windows\Start Menu\WinZip Background Tools.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00002294 ____C C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00002288 ____C C:\Users\Public\Desktop\WinZip.lnk
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\Users\Jim\AppData\Local\WinZip
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\ProgramData\WinZip
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-23 21:35 - 2017-02-23 21:35 - 00000000 ___DC C:\Program Files\WinZip
2017-02-23 21:33 - 2017-02-23 21:33 - 00000000 ___DC C:\Program Files (x86)\EaseUS
2017-02-23 19:53 - 2017-02-23 19:53 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Acronis
2017-02-23 14:48 - 2017-02-23 21:44 - 00007627 ____C C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
2017-02-22 13:39 - 2017-02-22 13:39 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-11 21:31 - 2017-02-11 21:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-11 21:31 - 2017-02-11 21:31 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-11 13:12 - 2017-02-11 21:32 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-02-11 13:12 - 2017-02-11 21:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-02-11 13:12 - 2017-02-11 21:32 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-02-11 13:12 - 2017-02-11 21:31 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-02-11 13:12 - 2017-02-11 21:31 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2017-02-11 13:12 - 2017-02-11 21:31 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-02-11 13:12 - 2017-02-11 21:30 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-02-11 13:12 - 2017-02-11 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-02-11 13:11 - 2017-02-11 21:29 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-11 13:11 - 2017-02-11 21:28 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-11 13:11 - 2017-02-11 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-11 13:11 - 2017-02-11 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-11 13:11 - 2017-02-11 21:25 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-02-11 13:11 - 2017-02-11 21:25 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-11 13:10 - 2017-02-11 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-11 13:10 - 2017-02-11 21:28 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-11 13:10 - 2017-02-11 21:28 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-11 13:10 - 2017-02-11 21:28 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-11 13:10 - 2017-02-11 21:28 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-11 13:10 - 2017-02-11 21:28 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-11 13:10 - 2017-02-11 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-11 13:10 - 2017-02-11 21:28 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-11 13:10 - 2017-02-11 21:28 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-11 13:10 - 2017-02-11 21:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-11 13:10 - 2017-02-11 21:28 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-11 13:10 - 2017-02-11 21:28 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-11 13:10 - 2017-02-11 21:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-11 13:10 - 2017-02-11 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-02-11 13:10 - 2017-02-11 21:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-02-11 13:10 - 2017-02-11 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-11 13:10 - 2017-02-11 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-02-11 13:10 - 2017-02-11 21:25 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-02-11 13:10 - 2017-02-11 21:25 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-11 13:09 - 2017-02-11 21:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-11 13:09 - 2017-02-11 21:28 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-02-11 13:09 - 2017-02-11 21:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-02-11 13:09 - 2017-02-11 21:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-02-11 13:09 - 2017-02-11 21:25 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-02-11 13:09 - 2017-02-11 21:25 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-02-11 13:09 - 2017-02-11 21:25 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-02-11 13:09 - 2017-02-11 21:25 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-02-11 13:09 - 2017-02-11 21:24 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2017-02-11 13:09 - 2015-12-09 06:07 - 01393152 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2017-02-11 13:09 - 2015-12-09 06:07 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2017-02-11 13:09 - 2015-12-09 05:54 - 00116736 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-02-11 13:09 - 2015-12-09 05:12 - 00230400 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2017-02-11 13:09 - 2015-12-09 05:11 - 00005632 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2017-02-11 11:22 - 2017-02-11 21:25 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-02-11 11:22 - 2017-02-11 21:25 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-02-11 11:22 - 2017-02-11 21:25 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2017-02-10 18:07 - 2017-02-11 01:12 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-02-10 18:07 - 2017-02-11 01:12 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-02-10 18:07 - 2017-02-11 01:05 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2017-02-10 18:07 - 2017-02-11 01:05 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2017-02-10 18:07 - 2017-02-11 01:03 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-02-10 18:07 - 2017-02-11 01:03 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-02-10 18:07 - 2017-02-11 01:02 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-10 18:07 - 2017-02-11 01:02 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-02-10 18:02 - 2017-02-11 01:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-02-10 18:02 - 2017-02-11 01:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-02-10 18:02 - 2017-02-11 01:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-02-10 18:02 - 2017-02-11 01:12 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-10 18:02 - 2017-02-11 01:04 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-10 18:02 - 2017-02-11 01:04 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-02-10 18:02 - 2017-02-11 01:04 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-02-10 18:02 - 2017-02-11 01:04 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-02-10 18:02 - 2017-02-11 01:03 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-02-10 18:02 - 2017-02-11 01:03 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2017-02-10 18:02 - 2017-02-11 01:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-02-10 18:02 - 2017-02-11 01:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2017-02-10 18:02 - 2017-02-11 01:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-02-10 18:02 - 2017-02-11 01:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-02-10 18:02 - 2016-08-17 07:40 - 00343552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00327168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00099840 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00030720 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-02-10 18:02 - 2016-08-17 07:40 - 00007808 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-02-10 18:02 - 2016-01-21 11:51 - 00073664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-02-10 18:01 - 2017-02-11 01:01 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-02-10 18:01 - 2017-02-11 01:01 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-02-10 18:01 - 2017-02-11 01:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-02-10 18:01 - 2017-02-11 01:01 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-02-10 18:01 - 2017-02-11 01:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2017-02-10 18:01 - 2017-02-11 01:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-02-09 20:27 - 2017-02-09 20:49 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-02-09 20:27 - 2017-02-09 20:49 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-02-09 20:25 - 2017-02-11 01:01 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-02-09 20:25 - 2017-02-11 01:01 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-09 20:25 - 2017-02-11 01:01 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-02-09 20:25 - 2017-02-11 01:00 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-02-09 20:25 - 2017-02-10 17:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-09 20:25 - 2017-02-10 17:55 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-09 20:25 - 2017-02-09 20:48 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-02-09 20:25 - 2017-02-09 20:48 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2017-02-09 18:53 - 2017-02-09 20:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-02-09 18:53 - 2017-02-09 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2017-02-09 18:52 - 2017-02-11 01:13 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-02-09 18:52 - 2017-02-11 01:13 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-02-09 18:52 - 2017-02-11 01:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-02-09 18:52 - 2017-02-11 01:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-02-09 18:52 - 2017-02-11 01:06 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-02-09 18:52 - 2017-02-11 01:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-02-09 18:52 - 2017-02-11 01:06 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-02-09 18:52 - 2017-02-11 01:06 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-02-09 18:52 - 2017-02-11 01:06 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-02-09 18:52 - 2017-02-09 20:48 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-02-09 18:51 - 2017-02-09 20:48 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-02-09 18:51 - 2017-02-09 20:48 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-02-09 01:18 - 2017-02-11 01:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-09 01:18 - 2017-02-11 01:06 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-02-09 01:18 - 2017-02-11 01:06 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2017-02-09 01:18 - 2017-02-09 20:49 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-02-09 01:18 - 2017-02-09 20:49 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-09 01:18 - 2017-02-09 20:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-02-09 01:17 - 2017-02-11 21:25 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-02-09 01:17 - 2017-02-11 21:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-02-09 01:17 - 2017-02-11 21:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-02-09 01:17 - 2017-02-11 01:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-02-09 01:17 - 2017-02-11 01:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-02-09 01:17 - 2017-02-11 01:05 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2017-02-09 01:17 - 2017-02-11 01:04 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-02-09 01:17 - 2017-02-11 01:04 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-02-09 00:35 - 2017-02-09 00:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-09 00:35 - 2017-02-08 22:38 - 00001060 ____C C:\Users\Public\Desktop\AVG.lnk
2017-02-09 00:34 - 2017-03-11 12:54 - 00003600 ____C C:\Windows\System32\Tasks\AVG EUpdate Task
2017-02-09 00:34 - 2017-02-09 00:36 - 00000000 ___DC C:\ProgramData\Avg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-11 20:24 - 2009-07-14 15:45 - 00028720 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 20:24 - 2009-07-14 15:45 - 00028720 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 20:20 - 2009-07-14 16:13 - 00772352 ____C C:\Windows\system32\PerfStringBackup.INI
2017-03-11 20:20 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
2017-03-11 20:16 - 2012-07-09 19:55 - 00000000 ___DC C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-03-11 20:16 - 2012-07-07 10:37 - 00000000 ___DC C:\ProgramData\MFAData
2017-03-11 20:16 - 2012-07-03 17:18 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-03-11 20:16 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-03-11 18:13 - 2013-07-03 22:18 - 00000000 ___DC C:\Windows\System32\Tasks\Games
2017-03-11 18:06 - 2013-07-03 23:05 - 00000000 ___DC C:\Program Files (x86)\Java
2017-03-11 17:13 - 2012-07-10 20:12 - 00091256 ____C C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-09 21:40 - 2009-07-14 15:45 - 00352528 ____C C:\Windows\system32\FNTCACHE.DAT
2017-03-09 21:35 - 2009-07-14 13:34 - 00000439 ____C C:\Windows\win.ini
2017-03-09 20:59 - 2012-07-09 19:55 - 00000000 __RDC C:\Users\Jim
2017-03-08 23:02 - 2012-05-31 17:28 - 00001294 ____C C:\Users\Public\Desktop\Windows Recovery Activation.lnk
2017-03-06 18:17 - 2009-07-14 16:09 - 00000000 ___DC C:\Windows\System32\Tasks\WPD
2017-03-06 01:01 - 2009-07-14 15:57 - 00001547 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-05 11:21 - 2013-07-19 22:57 - 00000000 ___DC C:\ProgramData\CanonIJPLM
2017-03-05 07:58 - 2012-07-03 14:49 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-03-05 07:58 - 2012-07-03 14:49 - 00000000 ___DC C:\Windows\system32\Macromed
2017-03-05 07:35 - 2012-09-08 21:46 - 00000000 ___DC C:\ProgramData\Adobe
2017-03-01 23:31 - 2012-07-07 10:29 - 00000000 ___DC C:\ProgramData\Yahoo!
2017-03-01 23:31 - 2012-07-07 10:28 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2017-03-01 23:30 - 2009-07-14 13:34 - 00000826 ____C C:\Windows\system32\Drivers\etc\hosts_bak_521
2017-03-01 23:26 - 2012-12-29 21:09 - 00000000 ___DC C:\Users\Jim\AppData\Local\ElevatedDiagnostics
2017-02-28 16:27 - 2012-06-01 11:13 - 00000000 ___DC C:\Windows\Panther
2017-02-25 01:49 - 2013-08-16 02:04 - 00000000 ___DC C:\Windows\system32\MRT
2017-02-25 01:48 - 2012-07-10 01:06 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 23:27 - 2012-07-10 20:33 - 00000000 ___DC C:\Users\Jim\AppData\Local\Microsoft Games
2017-02-23 19:53 - 2012-07-08 23:53 - 00001222 ____C C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
2017-02-22 13:39 - 2014-12-13 20:36 - 00002151 ____C C:\Users\Public\Desktop\Google Earth.lnk
2017-02-22 13:39 - 2014-12-13 20:35 - 00000000 ___DC C:\Program Files (x86)\Google
2017-02-22 07:28 - 2012-07-09 20:04 - 00000000 ___DC C:\Users\Jim\AppData\Local\Google
2017-02-12 08:42 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism
2017-02-12 08:42 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\system32\Dism
2017-02-12 08:42 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2017-02-11 21:28 - 2015-05-15 19:55 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-02-11 21:28 - 2015-01-14 19:02 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-02-11 11:15 - 2014-12-12 21:44 - 00000000 ___DC C:\Windows\system32\appraiser
2017-02-11 11:15 - 2014-05-07 04:00 - 00000000 __SDC C:\Windows\system32\CompatTel
2017-02-11 11:15 - 2012-08-04 11:28 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2017-02-11 11:15 - 2012-08-04 11:28 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2017-02-11 01:03 - 2012-08-04 11:28 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-09 17:24 - 2012-10-27 21:54 - 00000000 ___DC C:\Windows\Minidump
2017-02-09 17:24 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\system32\Msdtc
2017-02-09 01:13 - 2012-07-03 17:18 - 00000000 ___DC C:\Users\UpdatusUser
2017-02-09 00:32 - 2014-12-13 20:35 - 00003330 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-09 00:32 - 2014-12-13 20:35 - 00003202 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2012-07-22 15:59 - 2012-07-22 15:59 - 0027520 ____C () C:\Users\Jim\AppData\Local\dt.dat
2017-02-23 14:48 - 2017-02-23 21:44 - 0007627 ____C () C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
2012-05-31 17:33 - 2012-05-31 17:33 - 0000109 ____C () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-31 17:32 - 2012-05-31 17:33 - 0000106 ____C () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2012-05-31 17:31 - 2012-05-31 17:32 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-31 17:29 - 2012-05-31 17:31 - 0000106 ____C () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-31 17:33 - 2012-05-31 17:33 - 0000110 ____C () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2012-05-31 17:28 - 2012-05-31 17:29 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
2017-03-11 17:12 - 2017-03-11 17:29 - 0192512 ____C () C:\Users\Jim\AppData\Local\Temp\sfamcc00001.dll
2012-07-07 10:41 - 2012-07-07 10:41 - 0247808 ____C (AVG Technologies CZ, s.r.o.) C:\Users\Owner\AppData\Local\Temp\avguidx.dll
2012-07-07 10:41 - 2012-07-07 10:41 - 2740320 ____C () C:\Users\Owner\AppData\Local\Temp\CommonInstaller.exe
2012-07-03 14:48 - 2010-02-26 11:45 - 0080896 ____C (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\devcon.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 0692224 ____C () C:\Users\Owner\AppData\Local\Temp\iGearedHelper.dll
2012-07-07 10:41 - 2012-07-07 10:41 - 0163936 ____C () C:\Users\Owner\AppData\Local\Temp\MachineIdCreator.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 10249824 ____C () C:\Users\Owner\AppData\Local\Temp\oi_{A21D0A24-CBD5-44CA-9A4A-76DCD9FA8314}.exe
2012-07-07 10:41 - 2012-07-07 10:41 - 7112288 ____C () C:\Users\Owner\AppData\Local\Temp\ToolbarInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2012-07-03 15:55
 
==================== End of FRST.txt ============================

#13
jimxx7

  • Topic Starter

Addition Logfile after Fixes run:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Jim (11-03-2017 20:26:25)
Running from C:\Users\Jim\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-03 03:17:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3716940813-2614047019-3014684930-500 - Administrator - Disabled)
Guest (S-1-5-21-3716940813-2614047019-3014684930-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3716940813-2614047019-3014684930-1008 - Limited - Enabled)
Jim (S-1-5-21-3716940813-2614047019-3014684930-1006 - Administrator - Enabled) => C:\Users\Jim
Owner (S-1-5-21-3716940813-2614047019-3014684930-1002 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-3716940813-2614047019-3014684930-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2604 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4617 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3117 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2918 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1111 - CyberLink Corp.)
Digimax V (HKLM-x32\...\{FC483A2D-E281-4282-94F8-A4C2E7CCD687}) (Version:  - )
Digimax Viewer 2.0 (HKLM-x32\...\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.105 - Etron Technology) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
G3 Manager (HKLM-x32\...\{8D9E93D2-049D-4E9D-B263-13216E20EF1F}) (Version: 1.00.0000 - )
G3 Manager (x32 Version: 1.00.0000 - DECA System) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
LightScribe System Software (HKLM-x32\...\{4A9849CA-E11C-4F24-8BB1-97C717A1C898}) (Version: 1.18.1.1 - LightScribe)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NavDesk 2009 (HKLM-x32\...\{F5F1B66A-F117-427C-98C7-D4732F49BEBF}) (Version: 6.20.211 - Navman Technologies NZ Ltd)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}) (Version: 3.1.4.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.26 - Tweaking.com)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinFast Multimedia Driver Installation  (HKLM-x32\...\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}) (Version:  - Multimedia)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3716940813-2614047019-3014684930-1006_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05E55333-2A96-4E22-8524-98635A13FD93} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {49BAD779-C313-4870-8B91-DDDF58FD2628} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {711EB444-D5AF-41FB-861C-608E26CC732F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {763CBF87-73CE-4B75-AF12-26C10BA5D7E1} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe 
Task: {9BDC1E02-C8CC-4911-AC9B-CAB731431538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {E12638C1-0E7A-4791-A9E4-C87A251E85BA} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-13] (WinZip)
Task: {F6FF76A7-C9C3-4BE0-B6EB-DCF21C2E49DD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-13] (WinZip Computing, S.L.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Public\Desktop\Windows Recovery Activation.lnk -> C:\Windows\oem\boottore.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-03 17:18 - 2013-06-21 21:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-19 23:03 - 2010-04-06 06:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-05-31 17:31 - 2009-07-17 18:13 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-03-31 01:52 - 2003-03-20 11:53 - 00626688 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
2017-02-08 23:13 - 2017-02-01 20:47 - 02459992 ____C () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-08 23:13 - 2017-02-01 20:47 - 00099672 ____C () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 02023424 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 07331840 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-01-27 22:37 - 2009-01-27 22:37 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-31 01:52 - 1998-11-20 18:44 - 00051712 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stwa.dll
2013-03-31 01:52 - 2003-01-22 21:21 - 00253952 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\impexp97.dll
2013-03-31 01:52 - 1999-07-05 19:07 - 00223232 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stwablt.dll
2013-03-31 01:52 - 1996-11-14 11:26 - 00079872 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\STXFORM.dll
2013-03-31 01:52 - 1999-04-27 11:22 - 00107520 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stfrg.dll
2013-03-31 01:52 - 1999-09-20 21:12 - 00133632 _____ () C:\Program Files (x86)\Samsung\Digimax Viewer 2.0\Stapi.dll
2012-05-31 17:28 - 2007-04-10 16:01 - 08357424 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2009-04-30 12:05 - 2009-04-30 12:05 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-04-30 12:08 - 2009-04-30 12:08 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-02-09 00:34 - 2017-02-09 00:34 - 48920064 ____C () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2017-03-09 21:35 - 00000855 ___AC C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3716940813-2614047019-3014684930-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 61.9.195.193 - 61.9.194.49
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: EaseUS Cleanup => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3FDD206B-70EF-42DC-BF05-FB68BEE467F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{83AD98D0-C0DC-4526-B4E8-E36788D6C101}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8C8D588B-631E-406C-9C69-613C726A3280}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{FFBFFE18-2552-4021-B8E7-C106E254F5D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{853F05DD-CB0A-40A9-BB68-9B597D2AC73C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0BFC4093-7021-451F-8547-EFB9AD1F072E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A209B7FF-CF96-4491-AB6F-9B877B8C41F3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1C0DFD0E-26A3-48F0-B7B6-0A3126836062}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{19D29B2A-4450-4591-B92A-BA100A7E6778}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{AAF34BC1-5095-47F0-8BD4-C0DCB3B4A812}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9CB0DF80-9AB7-4FF6-B7CC-A878B4098F9F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0AE3CED2-1BD4-4CD5-8940-B5A265D1D94E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7B4AD209-9201-4C9E-8035-5BF515C45DF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6B8ADDFB-8329-4925-B55D-C7BE94BC5607}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B878C2F8-4675-4661-94C7-19816DA19034}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{995AB49C-B5EC-4BC8-BEE0-14E6FC800291}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B1DFFE23-5147-42CF-AA8C-3E640C013FB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4BAE81ED-4DCE-4ADC-AA1C-9A053EAA3D05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E8A878EE-6577-48AF-BAF1-37D0F6FE0E8C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8760E483-EBE7-433B-8759-C6218D8575D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{63CA2404-B5ED-448A-A7F8-9331422BF559}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3390EE9C-8F76-424A-9C03-19FB867EF1D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6D158F5B-B6D7-4E12-A558-5568EE41AF18}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{538B1B5B-46C8-48A8-AA62-F8EA4D1872DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (03/11/2017 08:16:41 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/11/2017 08:16:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/11/2017 08:16:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/11/2017 08:16:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:41:07 PM on ‎11/‎03/‎2017 was unexpected.
 
Error: (03/11/2017 06:15:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/11/2017 06:15:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/11/2017 06:15:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/11/2017 06:14:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/11/2017 06:14:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-11 20:16:28.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-11 20:16:28.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-11 18:15:19.266
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-11 18:15:19.235
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16365.53 MB
Available physical RAM: 13510.11 MB
Total Virtual: 32729.24 MB
Available Virtual: 29762.29 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:219.86 GB) (Free:155.62 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1353.66 GB) NTFS
Drive e: (WinRE) (Fixed) (Total:7.81 GB) (Free:3.05 GB) NTFS
Drive l: (Elements) (Fixed) (Total:931.48 GB) (Free:188.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B8B5477E)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 15415647)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 93486964)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#14
jimxx7


Note:

 

Java removed OK

 

When ReboundAlert was removed, it caused a Rebound Alert window to start in Chrome.

When Search Protect was removed, Chrome asked if I wanted to add Yahoo Task bar, which I declined of course.

When I tried to run the FRST scan, the system stalled for more than 60 mins and I had to hard boot (not desirable, but it was clearly hanging).
 
I will run Speccy now.


#15
jimxx7


Owner-PC.txt attached

Attached File  OWNER-PC.txt   77.24KB   202 downloads 

