Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow pc


  • Please log in to reply

#1
o0hope0o

o0hope0o

    New Member

  • Member
  • Pip
  • 5 posts

Hi

 Can someone have a quick look at my scan logs please.  Computer has become really slow and not sure why.

Many thanks Hope

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2017
Ran by hope (administrator) on HOPE (26-04-2017 12:16:40)
Running from C:\Users\hope\Desktop
Loaded Profiles: hope (Available Profiles: hope)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Google, Inc) C:\Users\hope\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealDownloader\realdownloader264.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
() C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
() C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\TBD1350.tmp
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\AdAwareUpdater.exe
() C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\QtWebEngineProcess.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Users\hope\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-26] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2017-03-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [738032 2017-03-14] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1931880 2017-04-16] (Lavasoft)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1092920 2017-02-08] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [Google Update] => C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-15] (Google Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [Google Photos Backup] => C:\Users\hope\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\RunOnce: [AdAwareUpdater] => C:\Users\hope\Downloads\Adaware_Installer.exe [2558896 2017-04-26] ()
HKU\S-1-5-21-570208440-388758986-1359718189-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-22]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [353384 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [353384 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [353384 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [353384 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [353384 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [433768 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [433768 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [433768 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [433768 2017-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\LavasoftTcpService64.dll [433768 2017-04-16] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{25cb897e-ecc4-4c56-b12a-36e4abc70a43}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{88b0ed29-1d74-4dc0-a7c7-51ab64641ff6}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_znealrm_16_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyByCtA0FyEzy0EtCtD0A0FyB0BtBtN0D0Tzu0StCyDyBzztN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzytAtC0B0DtCyBtGtA0A0EyEtGtBtC0B0BtGtBzyyB0EtGtA0ByCyDyC0DyEtAyB0E0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyD0Azy0FtGzyyCzy0AtGyEyC0CtAtGzy0CzytDtGtCtDtBtCyDtB0BtDyC0A0D0E2QtN0A0LzuyE%26cr%3D749370036%26a%3Dwncy_znealrm_16_17%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-570208440-388758986-1359718189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-570208440-388758986-1359718189-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_znealrm_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyByCtA0FyEzy0EtCtD0A0FyB0BtBtN0D0Tzu0StCyDyBzztN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzytAtC0B0DtCyBtGtA0A0EyEtGtBtC0B0BtGtBzyyB0EtGtA0ByCyDyC0DyEtAyB0E0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyD0Azy0FtGzyyCzy0AtGyEyC0CtAtGzy0CzytDtGtCtDtBtCyDtB0BtDyC0A0D0E2QtN0A0LzuyE%26cr%3D749370036%26a%3Dwncy_znealrm_16_17%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_znealrm_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyByCtA0FyEzy0EtCtD0A0FyB0BtBtN0D0Tzu0StCyDyBzztN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzytAtC0B0DtCyBtGtA0A0EyEtGtBtC0B0BtGtBzyyB0EtGtA0ByCyDyC0DyEtAyB0E0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyD0Azy0FtGzyyCzy0AtGyEyC0CtAtGzy0CzytDtGtCtDtBtCyDtB0BtDyC0A0D0E2QtN0A0LzuyE%26cr%3D749370036%26a%3Dwncy_znealrm_16_17%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {AE91E442-9680-40CB-BFB4-24E56AC73A67} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {AE91E442-9680-40CB-BFB4-24E56AC73A67} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1002180&geo=GB&ver=22&locale=en_GB&guid=3EE20A19-FA05-4F9D-9DDD-D3F1B0CB92C9&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101115-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101115-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F4516B7C-522E-4176-BC5B-7EAE7B54467D}&mid=7b14d574a70f47cf9d41a50fe661a66c-ca1da5b917d2c34b5e1c53b72f6858a58bfa5970&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-09-02 11:14:50&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {9FB217FF-3F34-4C05-8127-8B29188E6F34} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&intl=uk&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {AE91E442-9680-40CB-BFB4-24E56AC73A67} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1002180&geo=GB&ver=22&locale=en_GB&guid=3EE20A19-FA05-4F9D-9DDD-D3F1B0CB92C9&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-03-14] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-03-14] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon [2017-04-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-11-14] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-03-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-03-22] (RealPlayer)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-570208440-388758986-1359718189-1001: @tools.google.com/Google Update;version=3 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-570208440-388758986-1359718189-1001: @tools.google.com/Google Update;version=9 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3035848 2016-09-15] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2759784 2017-04-16] (Lavasoft Limited)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-14] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2017-03-22] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-04-16] ()
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166136 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [310056 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336408 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-04-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [128096 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102136 2017-04-26] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76688 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1006040 2017-04-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [557776 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [165048 2017-04-26] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340688 2017-04-26] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\BASHDefs\20170424.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\IPSDefs\20170421.005\IDSvia64.sys [1036440 2017-04-26] (Symantec Corporation)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
S3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2016-09-02] (SlimWare Utilities, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-02-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-26 12:16 - 2017-04-26 12:16 - 00039002 _____ C:\Users\hope\Desktop\FRST.txt
2017-04-26 12:15 - 2017-04-26 12:16 - 00000000 ____D C:\FRST
2017-04-26 12:15 - 2017-04-26 12:15 - 00000000 ____D C:\Users\hope\Desktop\FRST-OlderVersion
2017-04-26 12:14 - 2017-04-26 12:15 - 02427392 _____ (Farbar) C:\Users\hope\Desktop\FRST64.exe
2017-04-26 11:57 - 2017-04-26 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\hope\Downloads\HijackThis.exe
2017-04-26 11:26 - 2017-04-26 11:26 - 00004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-04-26 11:26 - 2017-04-26 11:26 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp
2017-04-26 11:25 - 2017-04-26 11:25 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-04-26 11:25 - 2017-04-26 11:25 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-04-26 11:25 - 2017-04-26 11:25 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-04-26 11:25 - 2017-04-26 11:25 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-04-26 11:25 - 2017-04-26 11:25 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-04-26 11:25 - 2017-04-26 11:25 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-04-26 11:25 - 2017-04-26 11:25 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-04-26 11:25 - 2017-04-26 11:25 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-04-26 11:25 - 2017-04-26 11:24 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-04-26 11:25 - 2017-04-26 11:24 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-04-26 11:25 - 2017-04-26 11:24 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-04-26 11:25 - 2017-04-26 11:24 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-04-26 11:25 - 2017-04-26 11:24 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-04-26 11:25 - 2017-04-26 11:24 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-04-26 11:24 - 2017-04-26 11:24 - 00000000 ____D C:\Users\hope\AppData\Local\AdAwareUpdater
2017-04-26 11:23 - 2017-04-26 11:23 - 02558896 _____ C:\Users\hope\Downloads\Adaware_Installer.exe
2017-04-26 11:22 - 2017-04-26 11:22 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-26 11:22 - 2017-04-26 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-26 11:20 - 2017-04-26 11:20 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-04-26 11:20 - 2017-04-26 11:20 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-04-26 11:18 - 2017-04-26 11:18 - 03449296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\hope\Downloads\Antivirus_Free_1892.exe
2017-04-26 11:18 - 2017-04-26 11:18 - 00000000 ____D C:\ProgramData\adaware
2017-04-21 22:06 - 2017-04-26 09:49 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForhope.job
2017-04-16 20:28 - 2017-04-01 19:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-16 20:28 - 2017-04-01 19:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-13 21:59 - 2017-03-28 08:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-13 21:59 - 2017-03-28 08:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-13 21:59 - 2017-03-28 07:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-13 21:59 - 2017-03-28 07:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-13 21:59 - 2017-03-28 07:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-13 21:59 - 2017-03-28 07:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-13 21:59 - 2017-03-28 07:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-13 21:59 - 2017-03-28 07:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-13 21:59 - 2017-03-28 07:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-13 21:59 - 2017-03-28 07:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-13 21:59 - 2017-03-28 07:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-13 21:59 - 2017-03-28 07:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-13 21:59 - 2017-03-28 06:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-13 21:59 - 2017-03-28 06:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-13 21:59 - 2017-03-28 06:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-13 21:59 - 2017-03-28 06:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-13 21:59 - 2017-03-28 06:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-13 21:59 - 2017-03-28 06:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-13 21:59 - 2017-03-28 06:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-13 21:59 - 2017-03-28 06:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-13 21:59 - 2017-03-28 06:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-13 21:59 - 2017-03-28 06:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-13 21:59 - 2017-03-28 06:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-13 21:59 - 2017-03-28 06:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-13 21:59 - 2017-03-28 06:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-13 21:59 - 2017-03-28 06:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-13 21:59 - 2017-03-28 06:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-13 21:59 - 2017-03-28 06:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-13 21:59 - 2017-03-28 06:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-13 21:59 - 2017-03-28 06:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-13 21:59 - 2017-03-28 06:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-13 21:59 - 2017-03-28 06:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-13 21:59 - 2017-03-28 06:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-13 21:59 - 2017-03-28 06:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-13 21:59 - 2017-03-28 06:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-13 21:59 - 2017-03-28 06:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-13 21:59 - 2017-03-28 06:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-13 21:59 - 2017-03-28 06:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-13 21:59 - 2017-03-28 06:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-13 21:59 - 2017-03-28 06:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-13 21:59 - 2017-03-28 06:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-13 21:59 - 2017-03-28 06:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-13 21:59 - 2017-03-28 06:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-13 21:59 - 2017-03-28 06:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-13 21:59 - 2017-03-28 06:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-13 21:59 - 2017-03-28 06:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-13 21:59 - 2017-03-28 06:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-13 21:59 - 2017-03-28 06:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-13 21:59 - 2017-03-28 06:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-13 21:59 - 2017-03-28 06:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-13 21:59 - 2017-03-28 06:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-13 21:59 - 2017-03-28 06:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-13 21:59 - 2017-03-28 06:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-13 21:59 - 2017-03-28 06:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-13 21:59 - 2017-03-28 06:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-13 21:59 - 2017-03-28 06:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-13 21:59 - 2017-03-28 06:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-13 21:59 - 2017-03-28 06:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-13 21:59 - 2017-03-28 06:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-13 21:59 - 2017-03-28 06:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-13 21:59 - 2017-03-28 06:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-13 21:59 - 2017-03-28 06:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-13 21:59 - 2017-03-28 06:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-13 21:59 - 2017-03-28 06:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-13 21:59 - 2017-03-28 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-13 21:59 - 2017-03-28 05:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-13 21:59 - 2017-03-16 05:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-13 21:58 - 2017-03-28 07:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-13 21:58 - 2017-03-28 07:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-13 21:58 - 2017-03-28 07:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-13 21:58 - 2017-03-28 07:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-13 21:58 - 2017-03-28 07:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-13 21:58 - 2017-03-28 07:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-13 21:58 - 2017-03-28 07:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-13 21:58 - 2017-03-28 07:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-13 21:58 - 2017-03-28 07:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-13 21:58 - 2017-03-28 07:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-13 21:58 - 2017-03-28 07:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-13 21:58 - 2017-03-28 07:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-13 21:58 - 2017-03-28 07:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-13 21:58 - 2017-03-28 07:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-13 21:58 - 2017-03-28 07:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-13 21:58 - 2017-03-28 07:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-13 21:58 - 2017-03-28 07:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-13 21:58 - 2017-03-28 07:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-13 21:58 - 2017-03-28 07:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-13 21:58 - 2017-03-28 07:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-13 21:58 - 2017-03-28 07:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-13 21:58 - 2017-03-28 07:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-13 21:58 - 2017-03-28 07:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-13 21:58 - 2017-03-28 07:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-13 21:58 - 2017-03-28 06:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-13 21:58 - 2017-03-28 06:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-13 21:58 - 2017-03-28 06:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-13 21:58 - 2017-03-28 06:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-13 21:58 - 2017-03-28 06:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-13 21:58 - 2017-03-28 06:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-13 21:58 - 2017-03-28 06:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-13 21:58 - 2017-03-28 06:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-13 21:58 - 2017-03-28 06:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-13 21:58 - 2017-03-28 06:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-13 21:58 - 2017-03-28 06:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 21:58 - 2017-03-28 06:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-13 21:58 - 2017-03-28 06:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-13 21:58 - 2017-03-28 06:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-13 21:58 - 2017-03-28 06:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-13 21:58 - 2017-03-28 06:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-13 21:58 - 2017-03-28 06:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-13 21:58 - 2017-03-28 06:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-13 21:58 - 2017-03-28 06:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-13 21:58 - 2017-03-28 06:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-13 21:58 - 2017-03-28 06:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-13 21:58 - 2017-03-28 06:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-13 21:58 - 2017-03-28 06:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-13 21:58 - 2017-03-28 06:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-13 21:58 - 2017-03-28 06:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-13 21:58 - 2017-03-28 06:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-13 21:58 - 2017-03-28 06:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-13 21:58 - 2017-03-28 06:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-13 21:58 - 2017-03-28 06:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-13 21:58 - 2017-03-28 06:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-13 21:58 - 2017-03-28 06:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-13 21:58 - 2017-03-28 06:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-13 21:58 - 2017-03-28 06:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-13 21:58 - 2017-03-28 06:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-13 21:58 - 2017-03-28 06:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-13 21:58 - 2017-03-28 06:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-13 21:58 - 2017-03-28 06:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-13 21:58 - 2017-03-28 06:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-13 21:58 - 2017-03-28 06:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-13 21:58 - 2017-03-28 06:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-13 21:58 - 2017-03-28 06:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-13 21:58 - 2017-03-28 06:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-13 21:58 - 2017-03-28 06:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-13 21:58 - 2017-03-28 06:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-13 21:58 - 2017-03-28 06:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-13 21:58 - 2017-03-28 06:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-13 21:57 - 2017-03-28 07:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-13 21:57 - 2017-03-28 07:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-13 21:57 - 2017-03-28 07:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-13 21:57 - 2017-03-28 07:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-13 21:57 - 2017-03-28 07:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-13 21:57 - 2017-03-28 07:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-13 21:57 - 2017-03-28 07:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-13 21:57 - 2017-03-28 07:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-13 21:57 - 2017-03-28 07:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-13 21:57 - 2017-03-28 07:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-13 21:57 - 2017-03-28 07:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-13 21:57 - 2017-03-28 07:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-13 21:57 - 2017-03-28 07:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-13 21:57 - 2017-03-28 06:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-13 21:57 - 2017-03-28 06:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-13 21:57 - 2017-03-28 06:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-13 21:57 - 2017-03-28 06:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-13 21:57 - 2017-03-28 06:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-13 21:57 - 2017-03-28 06:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-13 21:57 - 2017-03-28 06:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-13 21:57 - 2017-03-28 06:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-13 21:57 - 2017-03-28 06:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-13 21:57 - 2017-03-28 06:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-13 21:57 - 2017-03-28 06:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-13 21:57 - 2017-03-28 06:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-13 21:57 - 2017-03-28 06:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-13 21:57 - 2017-03-28 06:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-13 21:57 - 2017-03-28 06:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-13 21:57 - 2017-03-28 06:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-13 21:57 - 2017-03-28 06:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-13 21:57 - 2017-03-28 06:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-13 21:57 - 2017-03-28 06:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-13 21:57 - 2017-03-28 06:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-13 21:57 - 2017-03-28 06:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-13 21:57 - 2017-03-28 06:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-13 21:57 - 2017-03-28 06:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-13 21:57 - 2017-03-28 06:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-13 21:57 - 2017-03-28 06:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-13 21:57 - 2017-03-28 06:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-13 21:57 - 2017-03-28 06:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-13 21:57 - 2017-03-28 06:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-13 21:57 - 2017-03-28 06:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-13 21:57 - 2017-03-28 06:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-13 21:57 - 2017-03-28 06:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-13 21:57 - 2017-03-28 06:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-13 21:57 - 2017-03-28 06:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-13 21:57 - 2017-03-28 06:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-13 21:57 - 2017-03-28 06:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-13 21:57 - 2017-03-28 06:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-13 21:57 - 2017-03-28 06:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-13 21:57 - 2017-03-28 06:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-13 21:57 - 2017-03-28 06:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-13 21:57 - 2017-03-28 06:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-13 21:57 - 2017-03-28 06:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-13 21:57 - 2017-03-28 06:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-13 21:57 - 2017-03-28 06:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-13 21:57 - 2017-03-28 06:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-13 21:57 - 2017-03-28 06:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-13 21:57 - 2017-03-28 06:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-13 21:57 - 2017-03-28 06:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-13 21:57 - 2017-03-28 06:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-13 21:57 - 2017-03-28 06:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-13 21:57 - 2017-03-28 06:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-13 21:57 - 2017-03-18 17:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-13 21:57 - 2017-03-18 17:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-13 21:57 - 2017-03-16 05:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-06 11:03 - 2017-04-06 12:18 - 00000000 ____D C:\Users\hope\Desktop\TMA06 Useful
2017-03-29 12:20 - 2017-03-29 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-03-29 12:17 - 2017-03-29 12:17 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-29 12:17 - 2017-03-29 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-29 12:16 - 2017-03-29 12:17 - 00000000 ____D C:\Program Files\iTunes
2017-03-29 12:16 - 2017-03-29 12:16 - 00000000 ____D C:\Program Files\iPod
2017-03-27 12:35 - 2017-03-27 12:35 - 00003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-26 11:59 - 2013-06-24 20:14 - 00000000 ____D C:\Users\hope\AppData\Local\VirtualStore
2017-04-26 11:50 - 2016-09-25 13:57 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DFDA9706-9189-4B15-8EFC-3A4F26AD6E23}
2017-04-26 11:28 - 2016-09-02 11:14 - 00000000 ____D C:\Users\hope\AppData\Roaming\AVG
2017-04-26 11:26 - 2016-09-02 11:08 - 00000000 ____D C:\ProgramData\Avg
2017-04-26 11:23 - 2016-09-02 11:09 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-26 11:22 - 2016-09-02 11:08 - 00000000 ____D C:\Users\hope\AppData\Local\AvgSetupLog
2017-04-26 09:47 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-26 09:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-26 09:37 - 2016-09-25 12:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-25 11:16 - 2017-02-26 18:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-04-23 11:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-23 11:23 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-22 21:12 - 2013-06-24 20:14 - 00000000 ____D C:\Users\hope\AppData\Local\Packages
2017-04-21 21:57 - 2016-10-04 13:58 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-21 21:56 - 2016-10-04 13:57 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 15:34 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-17 15:06 - 2016-09-25 13:03 - 01324890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 20:55 - 2015-10-11 17:25 - 00433768 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2017-04-16 20:55 - 2015-10-11 17:25 - 00353384 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2017-04-16 20:45 - 2014-11-17 17:45 - 00000000 ___RD C:\Users\hope\iCloudDrive
2017-04-16 20:44 - 2016-04-29 16:03 - 00000000 __SHD C:\Users\hope\IntelGraphicsProfiles
2017-04-16 20:44 - 2016-02-13 18:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 20:29 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-16 20:25 - 2016-09-25 13:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 20:25 - 2016-09-25 12:55 - 00357608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 20:25 - 2016-05-02 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-16 20:25 - 2016-05-02 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 20:24 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-16 20:22 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-15 23:17 - 2013-08-18 22:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-15 23:13 - 2016-05-02 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-15 23:13 - 2013-07-02 22:06 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-15 23:09 - 2017-03-10 14:43 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001UA
2017-04-15 23:09 - 2017-03-10 14:43 - 00003402 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001Core
2017-03-29 14:03 - 2016-11-04 13:08 - 00000000 ____D C:\Users\hope\AppData\Local\DDB3242D-A786-4195-9B35-31C71003A3D3.aplzod
2017-03-29 12:21 - 2016-09-25 13:02 - 01312088 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-03-29 12:20 - 2013-08-08 21:27 - 00000000 ____D C:\Users\hope\AppData\Local\CrashDumps
2017-03-29 12:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-28 07:20 - 2016-09-25 12:58 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-27 14:26 - 2015-08-04 10:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-27 12:55 - 2017-03-22 12:29 - 00000000 ____D C:\Users\hope\AppData\Roaming\SecondLife
2017-03-27 12:51 - 2015-08-24 21:55 - 00000000 ____D C:\Users\hope\AppData\Local\Ubisoft Game Launcher
2017-03-27 12:41 - 2016-09-25 13:03 - 00000000 ____D C:\Users\hope
2017-03-27 12:35 - 2016-09-14 10:46 - 00002369 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-03-27 12:35 - 2016-09-14 10:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-03-27 12:35 - 2016-09-14 10:44 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64

==================== Files in the root of some directories =======

2016-04-28 15:47 - 2016-04-30 11:47 - 0000103 _____ () C:\Users\hope\AppData\Roaming\WB.CFG
2017-04-26 11:26 - 2017-04-26 11:26 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-01-21 17:11 - 2015-01-21 17:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-29 00:24 - 2012-12-29 00:24 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-25 11:48

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by hope (26-04-2017 12:19:41)
Running from C:\Users\hope\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 12:41:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-570208440-388758986-1359718189-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-570208440-388758986-1359718189-503 - Limited - Disabled)
Guest (S-1-5-21-570208440-388758986-1359718189-501 - Limited - Disabled)
hope (S-1-5-21-570208440-388758986-1359718189-1001 - Administrator - Enabled) => C:\Users\hope

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: AVG Antivirus (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
adaware antivirus (HKLM\...\{BECD7155-DC57-4F89-B1A8-A90B033C6209}_AdAwareUpdater) (Version: 12.0.649.11190 - adaware)
AdAwareUpdater (Version: 12.0.649.11190 - adaware) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.2097 - AVG Technologies)
AVG (Version: 1.181.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.125 - DivX, LLC)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Google Photos Backup (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.9.1.12 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 3.04 - NCH Software)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
RealDownloader (x32 Version: 18.1.7.343 - RealNetworks) Hidden
RealDownloader (x32 Version: 18.1.7.343 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sense (HKLM-x32\...\Sense) (Version: Build 187 - The Open University) <==== ATTENTION
Sky Go Download Player (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\54448661.go.sky.com) (Version:  - go.sky.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Titanbet Poker UK (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Titanbet.co.uk) (Version:  - )
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
vs2015_redist x64 (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Web Companion (HKLM-x32\...\{9d637cbe-f767-4b30-9dda-3b594fab9057}) (Version: 2.3.1551.2994 - Lavasoft)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\hope\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BA6206-D81D-47F8-8995-04E31755918E} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {00EA02AE-2B40-4A54-BA35-FB256333C6F7} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {06FF19FA-7B50-47BF-AA07-F9F5F0C18CB2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {0D001C02-3B04-4E55-8EF3-A66772431420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {127E7245-C62A-4F5B-B50E-145F3E74FF16} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {157D426F-294C-4D4B-BDF8-9324FBD39F87} - \CLMLSvc_P2G8 -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1E8C5C2C-44FA-4974-B6EB-1BD1E4DB8D18} - \Optimize Start Menu Cache Files-S-1-5-21-570208440-388758986-1359718189-1001 -> No File <==== ATTENTION
Task: {23FF5B52-CB56-44EF-AD8B-A9376EC20D5F} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {25DB0C8A-03DA-4521-A2F0-4C45F7F23935} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001UA => C:\Users\hope\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-10] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3760D593-C9D4-4A4C-AB62-9B67620CF782} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {3A1BBFFA-5A7A-4EF2-9CE3-62296A62CDD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3B05AC36-1618-45CD-86BD-50191D7C0818} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {3DCAFC04-965B-489A-920C-8ED1E23A7E7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {46BA70BC-2D26-4895-AA57-C0A0B42F519C} - \RealTimes (32-bit)  -> No File <==== ATTENTION
Task: {489F2310-5578-4699-9210-68DED7950C7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {4AB423B9-A92D-4BD2-9728-214ECDC16348} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {4BF6C6D2-8F84-44B7-8008-0F5FAFEF79C6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-570208440-388758986-1359718189-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
Task: {5343E0DF-163E-422F-B163-1CF5FBB57996} - \{B4ED0CB6-FF19-4F82-BC6D-C0585C68705C} -> No File <==== ATTENTION
Task: {574E858B-105C-45D3-AB95-EEA470728472} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {6106DCD7-8EEF-40EC-BE33-B0FDB4351D6F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {62892DFB-B003-4708-9C90-54B7C4FFC82C} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {6F5747E6-3D03-4DCC-BA56-92954FB51DD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {73212267-69BC-49F4-950E-E49259FE7E06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {743CFB83-0F84-4CDF-B7B1-4243C600CBCB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7AC2E127-E4C2-49FF-996E-53EF955C940B} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {7B10011F-7885-4048-B805-675C03851B4E} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {7CF000F8-6CF2-4894-8A8C-567B5D1EFCA7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81BC65E8-06FD-4C8B-B5A9-246F9740F55D} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {81D3B086-4C43-40AA-A13A-97E4DE1B17BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {86056263-EA16-49CE-956E-13DE753FF71C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {9115B171-DD66-49E2-AB59-BCF80E4F262A} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {91EE41F1-437D-4100-8D65-7CF20CAB258F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {933A444A-819A-40E8-85ED-490C2DB537E5} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {A1805C79-604A-456A-8D2E-8685AF895363} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {A29250F0-CD14-4EA4-A569-558533A8A095} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {A5A8CE60-934F-4BF6-BC73-71A9C519289B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {AACC3A46-628B-4AE0-BE2C-76D40DC8293B} - \CLVDLauncher -> No File <==== ATTENTION
Task: {B43B0CDB-ECBE-44A0-A265-583EAB46B443} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-03-14] ()
Task: {B5871E2F-408C-44D8-AF59-84F00C8AEE8D} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {BB569C30-2735-4124-A44C-1623B09FC6A9} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {BDD77D1A-F9D9-4742-A105-6C16B8A2C81D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-570208440-388758986-1359718189-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
Task: {BEBB457A-DA7B-49A8-B314-EBBCB80DBCD3} - \MirageAgent -> No File <==== ATTENTION
Task: {C0A93ECC-ADCA-44CE-B744-A9EFB134FC8E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\WSCStub.exe [2017-03-16] (Symantec Corporation)
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C5921E2D-B3E3-49B4-8B3B-AC8293D0E316} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {CC7A5F3B-F861-43ED-A34C-FF8646D3858B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CDB6A6D2-480B-4B19-8201-7CF320187B0E} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-11-11] (DivX, LLC)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {CE424F68-B674-4DBF-89AD-1BB5B4D3F954} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CE83BCF9-1949-4102-809D-66D445643CE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D16B39B0-EEB7-4440-A0FC-CDA48D73E551} - \HPCustParticipation HP Deskjet 2540 series -> No File <==== ATTENTION
Task: {D7A0273A-5CDB-4CDD-AD46-F593381B905D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {E2F0EF29-5289-4FBE-810B-500D41FEA60C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001Core => C:\Users\hope\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-10] (Google Inc.)
Task: {E729C222-0BD6-430A-821F-B13005108462} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {EB572211-79AC-4256-81AA-51E1447DDDDD} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-26] (AVG Technologies CZ, s.r.o.)
Task: {EB99B3D0-1771-48BE-98BC-DB6DB740801D} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {F3A4BC5C-8E93-4CF8-9941-045133106B81} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {F8BC94FF-3998-4B32-8128-CF2182CDB3EC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FB3A4E4E-5EFC-479D-BD54-0159792211F5} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {FE8AF828-A1EB-4BA9-851B-62F02DCBE2C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForhope.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\hope\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-13 21:58 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 17:08 - 2017-03-16 17:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-14 21:44 - 2017-03-14 21:44 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
2017-04-13 21:58 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 16:55 - 2016-09-05 15:50 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-25 13:48 - 2016-09-25 13:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 14:46 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 14:47 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 14:47 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 14:47 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-13 21:57 - 2017-03-28 06:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-13 21:57 - 2017-03-28 06:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-06-27 07:42 - 2012-06-27 07:42 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2016-04-14 12:21 - 2017-04-16 20:55 - 00025192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-04-14 12:21 - 2017-04-16 20:55 - 00017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-04-14 12:21 - 2017-04-16 20:55 - 00036968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-03-14 20:56 - 2017-03-14 20:56 - 00738032 _____ () C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
2017-04-26 09:46 - 2017-04-26 09:46 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-26 09:46 - 2017-04-26 09:46 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-26 09:46 - 2017-04-26 09:46 - 43011072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-26 09:46 - 2017-04-26 09:46 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\skypert.dll
2017-02-21 14:45 - 2017-02-21 14:45 - 07779064 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\AdAwareUpdater.exe
2017-02-21 14:53 - 2017-02-21 14:53 - 00144856 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_filesystem-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00030680 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_system-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00733144 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_log-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00121816 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_thread-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00067544 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_date_time-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00524760 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_locale-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00039384 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_chrono-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 04887512 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\AdAwareUpdaterKernel.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 03712984 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\RCF.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00491992 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_program_options-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 01000920 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\boost_regex-vc140-mt-1_61.dll
2017-02-21 14:53 - 2017-02-21 14:53 - 00022488 _____ () C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\QtWebEngineProcess.exe
2017-04-13 21:58 - 2017-03-28 07:26 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-04-13 21:58 - 2017-03-28 07:13 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-04-29 16:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-29 16:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-29 16:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-29 16:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-14 21:44 - 2017-03-14 21:44 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
2017-03-14 21:44 - 2017-03-14 21:44 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
2017-03-14 21:43 - 2017-03-14 21:43 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
2012-12-29 00:05 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-06-28 23:15 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-03-16 17:09 - 2017-03-16 17:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 17:08 - 2017-03-16 17:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\hope\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2015-10-11 17:25 - 2017-04-16 20:55 - 00137320 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-04-14 12:21 - 2017-04-16 20:55 - 00058472 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-04-14 12:21 - 2017-04-16 20:55 - 00018024 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2015-10-11 17:25 - 2017-04-16 20:55 - 00301672 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-04-14 12:21 - 2017-04-16 20:55 - 00030312 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2015-10-11 17:25 - 2017-04-16 20:55 - 00058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-10-11 17:25 - 2017-04-16 20:55 - 00128104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-10-11 17:25 - 2017-04-16 20:55 - 00078952 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-10-11 17:25 - 2017-04-16 20:55 - 00044136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2017-04-26 11:20 - 2017-04-26 11:19 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-04-26 11:25 - 2017-04-26 11:25 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-26 11:25 - 2017-04-26 11:25 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-04-26 11:25 - 2017-04-26 11:25 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-26 11:25 - 2017-04-26 11:25 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-09-24 16:54 - 2016-09-05 14:09 - 08921792 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-570208440-388758986-1359718189-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hope\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45AF4ED5-8474-46DF-AADE-89108F0D1492}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9D362B49-91DA-48DE-90E5-14A0B83AEDAE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C6C96C1D-BCB7-41C5-B583-56E9DA7C5660}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E8BED55D-51C2-40D5-B5FF-65C230AE18A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{019CE4D5-B8C0-4730-AAEE-27DDA908CF95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A1A10922-0AAD-46A8-B16F-38582951CF6D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A1598C79-044E-4374-8C9D-A104F3C36989}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FE630604-4876-40D9-B39E-521FA682542B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F9AC6840-B94A-4D0D-A57B-21470EACBE9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD58C84-79D6-48C0-999A-66478F5DACDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE073E4C-4378-45C0-9AB3-35DF8F952231}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B9B41BD-740D-45BC-9B26-A75C3DC1F6CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98B97539-B54E-4C8E-9A3B-526F81A62758}] => (Allow) LPort=1900
FirewallRules: [{54DEBB77-390E-48BF-92F6-B577C334E4B0}] => (Allow) LPort=2869
FirewallRules: [{435FE520-3357-4E2B-A580-297B84A30114}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6B828A61-64DC-424B-9097-A4BC4972BD0B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D55270E8-858F-4641-ACBC-CE8AAA932A9F}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{BAA854DB-3FC0-4C38-8DF1-315800C0B18F}] => (Allow) LPort=5357
FirewallRules: [{91950B90-026C-4F43-A324-538049879458}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6227134E-979F-4C22-A94C-9A12A5CB9F31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D70D979-9D90-4139-888B-E7DAB4C4B187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{352DC1DA-5BF8-4777-A264-572E6AD236CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E2B3B10-8D4F-4D2A-878D-9951350A7926}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{577F621B-B888-4226-8074-BE9FA278F799}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B85559E4-DA46-4E2A-9E08-3033E1535C0E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4040FA2E-0147-427F-9227-C6C1B1FCFD69}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{2EE30A3B-7EDE-447E-8831-102CEC2C0F6B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [TCP Query User{77DDA0DA-DE57-4595-9444-1E8A97BBC633}C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Block) C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{82EA02C4-8450-4496-89D4-AD60074BF1D0}C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Block) C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [{63FA06DF-0CB3-41F1-9002-433B9869DBE6}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{C7E29C46-81AE-4DC8-86BD-739058692414}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-03-2017 13:24:31 Windows Update
15-04-2017 23:10:09 Windows Update
23-04-2017 11:22:46 Windows Update
26-04-2017 11:18:42 AA11

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2017 11:39:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:30 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:30 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe" on line 2.
The manifest file root element must be assembly.

Error: (04/26/2017 11:39:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
The manifest file root element must be assembly.

System errors:
=============
Error: (04/26/2017 11:37:46 AM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (04/26/2017 10:50:24 AM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server Cortana.ActionUris.ActionUri did not register with DCOM within the required timeout.

Error: (04/26/2017 10:35:47 AM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (04/26/2017 09:40:06 AM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (04/25/2017 09:44:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/25/2017 09:29:18 PM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (04/25/2017 07:58:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/25/2017 07:29:55 PM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (04/25/2017 07:28:13 PM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (04/25/2017 01:36:50 PM) (Source: DCOM) (EventID: 10010) (User: HOPE)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 6036.27 MB
Available physical RAM: 2544.3 MB
Total Virtual: 6996.27 MB
Available Virtual: 2275.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.57 GB) (Free:583.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive z: () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5B88DBE8)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,725 posts
  • MVP

The German adage, "if some is good, more is better and too much is just right" does not apply to antivirus programs.  You only want one as they fight each other.

 

I assume you have a license for Norton so leave it and uninstall:

 

adaware antivirus

AVG

ZoneAlarm Antivirus (FRST says it is hidden so you may not be able to uninstall it yet)

Spybot - Search & Destroy (not an antivirus but not recommended on anything newer than Win 2000)  Hopefully you did not let it immunize your system.  If so try to get it to remove it before you uninstall.

 

It looks like you may have some file system damage so force it to do a disk check:  chkdsk C: /f /r /x

 

Instructions here:

https://www.tekrevue...dsk-windows-10/

 

Once that finishes then check your system files:

 

 

Open an elevated command prompt:
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Type:
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
Tell me which one it says.  Now type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type::
 
 
notepad  \junk.txt 
 
Hit Enter. 
 
 Copy the text from notepad and paste it into a reply.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER if it asks.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 

  • 0

#3
o0hope0o

o0hope0o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you for your quick reply, I will post later when I have done the above.


  • 0

#4
o0hope0o

o0hope0o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi

 

I hope this is ok, sorry its a pretty long post. Since I've ran check disk, my pc does seem a lot better now(thank you).

 

I ran the check disk and it froze on 11%, so left it over night and seems to have completed. 

Windows did not find any integrity violations (a good thing), was the result from the scan.

 

Junk file

 

2017-04-26 19:22:19, Info                  CSI    00000006 [SR] Verifying 100 components
2017-04-26 19:22:19, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:22, Info                  CSI    0000006c [SR] Verify complete
2017-04-26 19:22:22, Info                  CSI    0000006d [SR] Verifying 100 components
2017-04-26 19:22:22, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:24, Info                  CSI    000000d3 [SR] Verify complete
2017-04-26 19:22:25, Info                  CSI    000000d4 [SR] Verifying 100 components
2017-04-26 19:22:25, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:27, Info                  CSI    0000013a [SR] Verify complete
2017-04-26 19:22:27, Info                  CSI    0000013b [SR] Verifying 100 components
2017-04-26 19:22:27, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:30, Info                  CSI    000001a1 [SR] Verify complete
2017-04-26 19:22:30, Info                  CSI    000001a2 [SR] Verifying 100 components
2017-04-26 19:22:30, Info                  CSI    000001a3 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:33, Info                  CSI    00000208 [SR] Verify complete
2017-04-26 19:22:33, Info                  CSI    00000209 [SR] Verifying 100 components
2017-04-26 19:22:33, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:35, Info                  CSI    0000026f [SR] Verify complete
2017-04-26 19:22:36, Info                  CSI    00000270 [SR] Verifying 100 components
2017-04-26 19:22:36, Info                  CSI    00000271 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:38, Info                  CSI    000002d6 [SR] Verify complete
2017-04-26 19:22:38, Info                  CSI    000002d7 [SR] Verifying 100 components
2017-04-26 19:22:38, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:41, Info                  CSI    0000033d [SR] Verify complete
2017-04-26 19:22:41, Info                  CSI    0000033e [SR] Verifying 100 components
2017-04-26 19:22:41, Info                  CSI    0000033f [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:43, Info                  CSI    000003a4 [SR] Verify complete
2017-04-26 19:22:43, Info                  CSI    000003a5 [SR] Verifying 100 components
2017-04-26 19:22:43, Info                  CSI    000003a6 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:46, Info                  CSI    0000040b [SR] Verify complete
2017-04-26 19:22:46, Info                  CSI    0000040c [SR] Verifying 100 components
2017-04-26 19:22:46, Info                  CSI    0000040d [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:49, Info                  CSI    00000472 [SR] Verify complete
2017-04-26 19:22:49, Info                  CSI    00000473 [SR] Verifying 100 components
2017-04-26 19:22:49, Info                  CSI    00000474 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:51, Info                  CSI    000004d9 [SR] Verify complete
2017-04-26 19:22:51, Info                  CSI    000004da [SR] Verifying 100 components
2017-04-26 19:22:51, Info                  CSI    000004db [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:54, Info                  CSI    00000540 [SR] Verify complete
2017-04-26 19:22:54, Info                  CSI    00000541 [SR] Verifying 100 components
2017-04-26 19:22:54, Info                  CSI    00000542 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:56, Info                  CSI    000005a7 [SR] Verify complete
2017-04-26 19:22:56, Info                  CSI    000005a8 [SR] Verifying 100 components
2017-04-26 19:22:56, Info                  CSI    000005a9 [SR] Beginning Verify and Repair transaction
2017-04-26 19:22:59, Info                  CSI    0000060e [SR] Verify complete
2017-04-26 19:22:59, Info                  CSI    0000060f [SR] Verifying 100 components
2017-04-26 19:22:59, Info                  CSI    00000610 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:01, Info                  CSI    00000675 [SR] Verify complete
2017-04-26 19:23:02, Info                  CSI    00000676 [SR] Verifying 100 components
2017-04-26 19:23:02, Info                  CSI    00000677 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:04, Info                  CSI    000006dc [SR] Verify complete
2017-04-26 19:23:04, Info                  CSI    000006dd [SR] Verifying 100 components
2017-04-26 19:23:04, Info                  CSI    000006de [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:07, Info                  CSI    00000743 [SR] Verify complete
2017-04-26 19:23:07, Info                  CSI    00000744 [SR] Verifying 100 components
2017-04-26 19:23:07, Info                  CSI    00000745 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:10, Info                  CSI    000007ad [SR] Verify complete
2017-04-26 19:23:10, Info                  CSI    000007ae [SR] Verifying 100 components
2017-04-26 19:23:10, Info                  CSI    000007af [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:13, Info                  CSI    00000814 [SR] Verify complete
2017-04-26 19:23:13, Info                  CSI    00000815 [SR] Verifying 100 components
2017-04-26 19:23:13, Info                  CSI    00000816 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:15, Info                  CSI    0000087b [SR] Verify complete
2017-04-26 19:23:15, Info                  CSI    0000087c [SR] Verifying 100 components
2017-04-26 19:23:15, Info                  CSI    0000087d [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:18, Info                  CSI    000008e2 [SR] Verify complete
2017-04-26 19:23:18, Info                  CSI    000008e3 [SR] Verifying 100 components
2017-04-26 19:23:18, Info                  CSI    000008e4 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:21, Info                  CSI    00000949 [SR] Verify complete
2017-04-26 19:23:21, Info                  CSI    0000094a [SR] Verifying 100 components
2017-04-26 19:23:21, Info                  CSI    0000094b [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:23, Info                  CSI    000009b0 [SR] Verify complete
2017-04-26 19:23:23, Info                  CSI    000009b1 [SR] Verifying 100 components
2017-04-26 19:23:23, Info                  CSI    000009b2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:25, Info                  CSI    00000a17 [SR] Verify complete
2017-04-26 19:23:25, Info                  CSI    00000a18 [SR] Verifying 100 components
2017-04-26 19:23:25, Info                  CSI    00000a19 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:27, Info                  CSI    00000a7e [SR] Verify complete
2017-04-26 19:23:27, Info                  CSI    00000a7f [SR] Verifying 100 components
2017-04-26 19:23:27, Info                  CSI    00000a80 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:29, Info                  CSI    00000ae5 [SR] Verify complete
2017-04-26 19:23:30, Info                  CSI    00000ae6 [SR] Verifying 100 components
2017-04-26 19:23:30, Info                  CSI    00000ae7 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:33, Info                  CSI    00000b4c [SR] Verify complete
2017-04-26 19:23:33, Info                  CSI    00000b4d [SR] Verifying 100 components
2017-04-26 19:23:33, Info                  CSI    00000b4e [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:38, Info                  CSI    00000bb3 [SR] Verify complete
2017-04-26 19:23:38, Info                  CSI    00000bb4 [SR] Verifying 100 components
2017-04-26 19:23:38, Info                  CSI    00000bb5 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:40, Info                  CSI    00000c1a [SR] Verify complete
2017-04-26 19:23:40, Info                  CSI    00000c1b [SR] Verifying 100 components
2017-04-26 19:23:40, Info                  CSI    00000c1c [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:43, Info                  CSI    00000c81 [SR] Verify complete
2017-04-26 19:23:43, Info                  CSI    00000c82 [SR] Verifying 100 components
2017-04-26 19:23:43, Info                  CSI    00000c83 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:45, Info                  CSI    00000ce8 [SR] Verify complete
2017-04-26 19:23:45, Info                  CSI    00000ce9 [SR] Verifying 100 components
2017-04-26 19:23:45, Info                  CSI    00000cea [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:48, Info                  CSI    00000d4f [SR] Verify complete
2017-04-26 19:23:48, Info                  CSI    00000d50 [SR] Verifying 100 components
2017-04-26 19:23:48, Info                  CSI    00000d51 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:51, Info                  CSI    00000db6 [SR] Verify complete
2017-04-26 19:23:51, Info                  CSI    00000db7 [SR] Verifying 100 components
2017-04-26 19:23:51, Info                  CSI    00000db8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:53, Info                  CSI    00000e1d [SR] Verify complete
2017-04-26 19:23:53, Info                  CSI    00000e1e [SR] Verifying 100 components
2017-04-26 19:23:53, Info                  CSI    00000e1f [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:55, Info                  CSI    00000e84 [SR] Verify complete
2017-04-26 19:23:55, Info                  CSI    00000e85 [SR] Verifying 100 components
2017-04-26 19:23:55, Info                  CSI    00000e86 [SR] Beginning Verify and Repair transaction
2017-04-26 19:23:57, Info                  CSI    00000eeb [SR] Verify complete
2017-04-26 19:23:57, Info                  CSI    00000eec [SR] Verifying 100 components
2017-04-26 19:23:57, Info                  CSI    00000eed [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:00, Info                  CSI    00000f52 [SR] Verify complete
2017-04-26 19:24:00, Info                  CSI    00000f53 [SR] Verifying 100 components
2017-04-26 19:24:00, Info                  CSI    00000f54 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:03, Info                  CSI    00000fc1 [SR] Verify complete
2017-04-26 19:24:03, Info                  CSI    00000fc2 [SR] Verifying 100 components
2017-04-26 19:24:03, Info                  CSI    00000fc3 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:05, Info                  CSI    00001028 [SR] Verify complete
2017-04-26 19:24:05, Info                  CSI    00001029 [SR] Verifying 100 components
2017-04-26 19:24:05, Info                  CSI    0000102a [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:07, Info                  CSI    0000108f [SR] Verify complete
2017-04-26 19:24:07, Info                  CSI    00001090 [SR] Verifying 100 components
2017-04-26 19:24:07, Info                  CSI    00001091 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:09, Info                  CSI    000010fd [SR] Verify complete
2017-04-26 19:24:09, Info                  CSI    000010fe [SR] Verifying 100 components
2017-04-26 19:24:09, Info                  CSI    000010ff [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:11, Info                  CSI    00001167 [SR] Verify complete
2017-04-26 19:24:11, Info                  CSI    00001168 [SR] Verifying 100 components
2017-04-26 19:24:11, Info                  CSI    00001169 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:12, Info                  CSI    000011ce [SR] Verify complete
2017-04-26 19:24:13, Info                  CSI    000011cf [SR] Verifying 100 components
2017-04-26 19:24:13, Info                  CSI    000011d0 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:17, Info                  CSI    0000123d [SR] Verify complete
2017-04-26 19:24:17, Info                  CSI    0000123e [SR] Verifying 100 components
2017-04-26 19:24:17, Info                  CSI    0000123f [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:24, Info                  CSI    000012be [SR] Verify complete
2017-04-26 19:24:24, Info                  CSI    000012bf [SR] Verifying 100 components
2017-04-26 19:24:24, Info                  CSI    000012c0 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:29, Info                  CSI    0000132f [SR] Verify complete
2017-04-26 19:24:29, Info                  CSI    00001330 [SR] Verifying 100 components
2017-04-26 19:24:29, Info                  CSI    00001331 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:34, Info                  CSI    0000139b [SR] Verify complete
2017-04-26 19:24:34, Info                  CSI    0000139c [SR] Verifying 100 components
2017-04-26 19:24:34, Info                  CSI    0000139d [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:38, Info                  CSI    00001410 [SR] Verify complete
2017-04-26 19:24:38, Info                  CSI    00001411 [SR] Verifying 100 components
2017-04-26 19:24:38, Info                  CSI    00001412 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:42, Info                  CSI    0000148d [SR] Verify complete
2017-04-26 19:24:42, Info                  CSI    0000148e [SR] Verifying 100 components
2017-04-26 19:24:42, Info                  CSI    0000148f [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:46, Info                  CSI    00001553 [SR] Verify complete
2017-04-26 19:24:46, Info                  CSI    00001554 [SR] Verifying 100 components
2017-04-26 19:24:46, Info                  CSI    00001555 [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:52, Info                  CSI    000015bd [SR] Verify complete
2017-04-26 19:24:52, Info                  CSI    000015be [SR] Verifying 100 components
2017-04-26 19:24:52, Info                  CSI    000015bf [SR] Beginning Verify and Repair transaction
2017-04-26 19:24:57, Info                  CSI    00001624 [SR] Verify complete
2017-04-26 19:24:58, Info                  CSI    00001625 [SR] Verifying 100 components
2017-04-26 19:24:58, Info                  CSI    00001626 [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:00, Info                  CSI    0000168b [SR] Verify complete
2017-04-26 19:25:00, Info                  CSI    0000168c [SR] Verifying 100 components
2017-04-26 19:25:00, Info                  CSI    0000168d [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:07, Info                  CSI    000016f4 [SR] Verify complete
2017-04-26 19:25:07, Info                  CSI    000016f5 [SR] Verifying 100 components
2017-04-26 19:25:07, Info                  CSI    000016f6 [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:15, Info                  CSI    0000175d [SR] Verify complete
2017-04-26 19:25:15, Info                  CSI    0000175e [SR] Verifying 100 components
2017-04-26 19:25:15, Info                  CSI    0000175f [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:22, Info                  CSI    00001805 [SR] Verify complete
2017-04-26 19:25:22, Info                  CSI    00001806 [SR] Verifying 100 components
2017-04-26 19:25:22, Info                  CSI    00001807 [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:29, Info                  CSI    0000189d [SR] Verify complete
2017-04-26 19:25:29, Info                  CSI    0000189e [SR] Verifying 100 components
2017-04-26 19:25:29, Info                  CSI    0000189f [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:35, Info                  CSI    0000193e [SR] Verify complete
2017-04-26 19:25:35, Info                  CSI    0000193f [SR] Verifying 100 components
2017-04-26 19:25:35, Info                  CSI    00001940 [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:45, Info                  CSI    000019af [SR] Verify complete
2017-04-26 19:25:45, Info                  CSI    000019b0 [SR] Verifying 100 components
2017-04-26 19:25:45, Info                  CSI    000019b1 [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:51, Info                  CSI    00001a23 [SR] Verify complete
2017-04-26 19:25:51, Info                  CSI    00001a24 [SR] Verifying 100 components
2017-04-26 19:25:51, Info                  CSI    00001a25 [SR] Beginning Verify and Repair transaction
2017-04-26 19:25:56, Info                  CSI    00001aa7 [SR] Verify complete
2017-04-26 19:25:56, Info                  CSI    00001aa8 [SR] Verifying 100 components
2017-04-26 19:25:56, Info                  CSI    00001aa9 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:00, Info                  CSI    00001b1e [SR] Verify complete
2017-04-26 19:26:00, Info                  CSI    00001b1f [SR] Verifying 100 components
2017-04-26 19:26:00, Info                  CSI    00001b20 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:05, Info                  CSI    00001b88 [SR] Verify complete
2017-04-26 19:26:05, Info                  CSI    00001b89 [SR] Verifying 100 components
2017-04-26 19:26:05, Info                  CSI    00001b8a [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:10, Info                  CSI    00001bf0 [SR] Verify complete
2017-04-26 19:26:10, Info                  CSI    00001bf1 [SR] Verifying 100 components
2017-04-26 19:26:10, Info                  CSI    00001bf2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:14, Info                  CSI    00001c5d [SR] Verify complete
2017-04-26 19:26:15, Info                  CSI    00001c5e [SR] Verifying 100 components
2017-04-26 19:26:15, Info                  CSI    00001c5f [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:19, Info                  CSI    00001cd2 [SR] Verify complete
2017-04-26 19:26:19, Info                  CSI    00001cd3 [SR] Verifying 100 components
2017-04-26 19:26:19, Info                  CSI    00001cd4 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:26, Info                  CSI    00001d5f [SR] Verify complete
2017-04-26 19:26:26, Info                  CSI    00001d60 [SR] Verifying 100 components
2017-04-26 19:26:26, Info                  CSI    00001d61 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:34, Info                  CSI    00001e06 [SR] Verify complete
2017-04-26 19:26:34, Info                  CSI    00001e07 [SR] Verifying 100 components
2017-04-26 19:26:34, Info                  CSI    00001e08 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:47, Info                  CSI    00001ea1 [SR] Verify complete
2017-04-26 19:26:47, Info                  CSI    00001ea2 [SR] Verifying 100 components
2017-04-26 19:26:47, Info                  CSI    00001ea3 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:51, Info                  CSI    00001f15 [SR] Verify complete
2017-04-26 19:26:51, Info                  CSI    00001f16 [SR] Verifying 100 components
2017-04-26 19:26:51, Info                  CSI    00001f17 [SR] Beginning Verify and Repair transaction
2017-04-26 19:26:55, Info                  CSI    00001f83 [SR] Verify complete
2017-04-26 19:26:55, Info                  CSI    00001f84 [SR] Verifying 100 components
2017-04-26 19:26:55, Info                  CSI    00001f85 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:03, Info                  CSI    0000200c [SR] Verify complete
2017-04-26 19:27:03, Info                  CSI    0000200d [SR] Verifying 100 components
2017-04-26 19:27:03, Info                  CSI    0000200e [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:07, Info                  CSI    00002077 [SR] Verify complete
2017-04-26 19:27:08, Info                  CSI    00002078 [SR] Verifying 100 components
2017-04-26 19:27:08, Info                  CSI    00002079 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:10, Info                  CSI    000020de [SR] Verify complete
2017-04-26 19:27:10, Info                  CSI    000020df [SR] Verifying 100 components
2017-04-26 19:27:10, Info                  CSI    000020e0 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:15, Info                  CSI    00002152 [SR] Verify complete
2017-04-26 19:27:15, Info                  CSI    00002153 [SR] Verifying 100 components
2017-04-26 19:27:15, Info                  CSI    00002154 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:23, Info                  CSI    000021cc [SR] Verify complete
2017-04-26 19:27:23, Info                  CSI    000021cd [SR] Verifying 100 components
2017-04-26 19:27:23, Info                  CSI    000021ce [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:31, Info                  CSI    00002250 [SR] Verify complete
2017-04-26 19:27:31, Info                  CSI    00002251 [SR] Verifying 100 components
2017-04-26 19:27:31, Info                  CSI    00002252 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:36, Info                  CSI    000022bf [SR] Verify complete
2017-04-26 19:27:36, Info                  CSI    000022c0 [SR] Verifying 100 components
2017-04-26 19:27:36, Info                  CSI    000022c1 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:40, Info                  CSI    00002332 [SR] Verify complete
2017-04-26 19:27:41, Info                  CSI    00002333 [SR] Verifying 100 components
2017-04-26 19:27:41, Info                  CSI    00002334 [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:47, Info                  CSI    000023cb [SR] Verify complete
2017-04-26 19:27:47, Info                  CSI    000023cc [SR] Verifying 100 components
2017-04-26 19:27:47, Info                  CSI    000023cd [SR] Beginning Verify and Repair transaction
2017-04-26 19:27:55, Info                  CSI    00002446 [SR] Verify complete
2017-04-26 19:27:55, Info                  CSI    00002447 [SR] Verifying 100 components
2017-04-26 19:27:55, Info                  CSI    00002448 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:02, Info                  CSI    000024d0 [SR] Verify complete
2017-04-26 19:28:02, Info                  CSI    000024d1 [SR] Verifying 100 components
2017-04-26 19:28:02, Info                  CSI    000024d2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:05, Info                  CSI    00002537 [SR] Verify complete
2017-04-26 19:28:05, Info                  CSI    00002538 [SR] Verifying 100 components
2017-04-26 19:28:05, Info                  CSI    00002539 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:11, Info                  CSI    000025a4 [SR] Verify complete
2017-04-26 19:28:11, Info                  CSI    000025a5 [SR] Verifying 100 components
2017-04-26 19:28:11, Info                  CSI    000025a6 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:24, Info                  CSI    0000262e [SR] Verify complete
2017-04-26 19:28:24, Info                  CSI    0000262f [SR] Verifying 100 components
2017-04-26 19:28:24, Info                  CSI    00002630 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:30, Info                  CSI    000026ad [SR] Verify complete
2017-04-26 19:28:30, Info                  CSI    000026ae [SR] Verifying 100 components
2017-04-26 19:28:30, Info                  CSI    000026af [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:35, Info                  CSI    00002720 [SR] Verify complete
2017-04-26 19:28:35, Info                  CSI    00002721 [SR] Verifying 100 components
2017-04-26 19:28:35, Info                  CSI    00002722 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:38, Info                  CSI    0000278b [SR] Verify complete
2017-04-26 19:28:38, Info                  CSI    0000278c [SR] Verifying 100 components
2017-04-26 19:28:38, Info                  CSI    0000278d [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:42, Info                  CSI    00002802 [SR] Verify complete
2017-04-26 19:28:42, Info                  CSI    00002803 [SR] Verifying 100 components
2017-04-26 19:28:42, Info                  CSI    00002804 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:48, Info                  CSI    000028a0 [SR] Verify complete
2017-04-26 19:28:48, Info                  CSI    000028a1 [SR] Verifying 100 components
2017-04-26 19:28:48, Info                  CSI    000028a2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:51, Info                  CSI    00002907 [SR] Verify complete
2017-04-26 19:28:51, Info                  CSI    00002908 [SR] Verifying 100 components
2017-04-26 19:28:51, Info                  CSI    00002909 [SR] Beginning Verify and Repair transaction
2017-04-26 19:28:55, Info                  CSI    00002974 [SR] Verify complete
2017-04-26 19:28:55, Info                  CSI    00002975 [SR] Verifying 100 components
2017-04-26 19:28:55, Info                  CSI    00002976 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:00, Info                  CSI    000029f0 [SR] Verify complete
2017-04-26 19:29:00, Info                  CSI    000029f1 [SR] Verifying 100 components
2017-04-26 19:29:00, Info                  CSI    000029f2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:04, Info                  CSI    00002a67 [SR] Verify complete
2017-04-26 19:29:04, Info                  CSI    00002a68 [SR] Verifying 100 components
2017-04-26 19:29:04, Info                  CSI    00002a69 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:08, Info                  CSI    00002ad6 [SR] Verify complete
2017-04-26 19:29:08, Info                  CSI    00002ad7 [SR] Verifying 100 components
2017-04-26 19:29:08, Info                  CSI    00002ad8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:15, Info                  CSI    00002b74 [SR] Verify complete
2017-04-26 19:29:15, Info                  CSI    00002b75 [SR] Verifying 100 components
2017-04-26 19:29:15, Info                  CSI    00002b76 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:36, Info                  CSI    00002c0b [SR] Verify complete
2017-04-26 19:29:36, Info                  CSI    00002c0c [SR] Verifying 100 components
2017-04-26 19:29:36, Info                  CSI    00002c0d [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:41, Info                  CSI    00002c7c [SR] Verify complete
2017-04-26 19:29:41, Info                  CSI    00002c7d [SR] Verifying 100 components
2017-04-26 19:29:41, Info                  CSI    00002c7e [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:45, Info                  CSI    00002ce6 [SR] Verify complete
2017-04-26 19:29:45, Info                  CSI    00002ce7 [SR] Verifying 100 components
2017-04-26 19:29:45, Info                  CSI    00002ce8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:49, Info                  CSI    00002d53 [SR] Verify complete
2017-04-26 19:29:49, Info                  CSI    00002d54 [SR] Verifying 100 components
2017-04-26 19:29:49, Info                  CSI    00002d55 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:54, Info                  CSI    00002dc6 [SR] Verify complete
2017-04-26 19:29:54, Info                  CSI    00002dc7 [SR] Verifying 100 components
2017-04-26 19:29:54, Info                  CSI    00002dc8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:29:58, Info                  CSI    00002e35 [SR] Verify complete
2017-04-26 19:29:58, Info                  CSI    00002e36 [SR] Verifying 100 components
2017-04-26 19:29:58, Info                  CSI    00002e37 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:02, Info                  CSI    00002ea6 [SR] Verify complete
2017-04-26 19:30:02, Info                  CSI    00002ea7 [SR] Verifying 100 components
2017-04-26 19:30:02, Info                  CSI    00002ea8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:05, Info                  CSI    00002f0f [SR] Verify complete
2017-04-26 19:30:06, Info                  CSI    00002f10 [SR] Verifying 100 components
2017-04-26 19:30:06, Info                  CSI    00002f11 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:12, Info                  CSI    00002f8b [SR] Verify complete
2017-04-26 19:30:12, Info                  CSI    00002f8c [SR] Verifying 100 components
2017-04-26 19:30:12, Info                  CSI    00002f8d [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:17, Info                  CSI    00003000 [SR] Verify complete
2017-04-26 19:30:17, Info                  CSI    00003001 [SR] Verifying 100 components
2017-04-26 19:30:17, Info                  CSI    00003002 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:23, Info                  CSI    00003071 [SR] Verify complete
2017-04-26 19:30:23, Info                  CSI    00003072 [SR] Verifying 100 components
2017-04-26 19:30:23, Info                  CSI    00003073 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:32, Info                  CSI    00003119 [SR] Verify complete
2017-04-26 19:30:32, Info                  CSI    0000311a [SR] Verifying 100 components
2017-04-26 19:30:32, Info                  CSI    0000311b [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:42, Info                  CSI    0000319c [SR] Verify complete
2017-04-26 19:30:42, Info                  CSI    0000319d [SR] Verifying 100 components
2017-04-26 19:30:42, Info                  CSI    0000319e [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:47, Info                  CSI    00003206 [SR] Verify complete
2017-04-26 19:30:48, Info                  CSI    00003207 [SR] Verifying 100 components
2017-04-26 19:30:48, Info                  CSI    00003208 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:53, Info                  CSI    0000327f [SR] Verify complete
2017-04-26 19:30:53, Info                  CSI    00003280 [SR] Verifying 100 components
2017-04-26 19:30:53, Info                  CSI    00003281 [SR] Beginning Verify and Repair transaction
2017-04-26 19:30:59, Info                  CSI    000032ef [SR] Verify complete
2017-04-26 19:30:59, Info                  CSI    000032f0 [SR] Verifying 100 components
2017-04-26 19:30:59, Info                  CSI    000032f1 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:05, Info                  CSI    00003361 [SR] Verify complete
2017-04-26 19:31:05, Info                  CSI    00003362 [SR] Verifying 100 components
2017-04-26 19:31:05, Info                  CSI    00003363 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:10, Info                  CSI    000033c9 [SR] Verify complete
2017-04-26 19:31:10, Info                  CSI    000033ca [SR] Verifying 100 components
2017-04-26 19:31:10, Info                  CSI    000033cb [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:14, Info                  CSI    00003436 [SR] Verify complete
2017-04-26 19:31:14, Info                  CSI    00003437 [SR] Verifying 100 components
2017-04-26 19:31:14, Info                  CSI    00003438 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:22, Info                  CSI    000034b1 [SR] Verify complete
2017-04-26 19:31:22, Info                  CSI    000034b2 [SR] Verifying 100 components
2017-04-26 19:31:22, Info                  CSI    000034b3 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:27, Info                  CSI    00003529 [SR] Verify complete
2017-04-26 19:31:27, Info                  CSI    0000352a [SR] Verifying 100 components
2017-04-26 19:31:27, Info                  CSI    0000352b [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:32, Info                  CSI    000035a0 [SR] Verify complete
2017-04-26 19:31:32, Info                  CSI    000035a1 [SR] Verifying 100 components
2017-04-26 19:31:32, Info                  CSI    000035a2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:35, Info                  CSI    00003612 [SR] Verify complete
2017-04-26 19:31:36, Info                  CSI    00003613 [SR] Verifying 100 components
2017-04-26 19:31:36, Info                  CSI    00003614 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:40, Info                  CSI    00003688 [SR] Verify complete
2017-04-26 19:31:40, Info                  CSI    00003689 [SR] Verifying 100 components
2017-04-26 19:31:40, Info                  CSI    0000368a [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:47, Info                  CSI    000036f4 [SR] Verify complete
2017-04-26 19:31:47, Info                  CSI    000036f5 [SR] Verifying 100 components
2017-04-26 19:31:47, Info                  CSI    000036f6 [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:52, Info                  CSI    0000375b [SR] Verify complete
2017-04-26 19:31:52, Info                  CSI    0000375c [SR] Verifying 100 components
2017-04-26 19:31:52, Info                  CSI    0000375d [SR] Beginning Verify and Repair transaction
2017-04-26 19:31:59, Info                  CSI    000037ce [SR] Verify complete
2017-04-26 19:31:59, Info                  CSI    000037cf [SR] Verifying 100 components
2017-04-26 19:31:59, Info                  CSI    000037d0 [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:11, Info                  CSI    000038eb [SR] Verify complete
2017-04-26 19:32:11, Info                  CSI    000038ec [SR] Verifying 100 components
2017-04-26 19:32:11, Info                  CSI    000038ed [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:16, Info                  CSI    00003956 [SR] Verify complete
2017-04-26 19:32:16, Info                  CSI    00003957 [SR] Verifying 100 components
2017-04-26 19:32:16, Info                  CSI    00003958 [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:22, Info                  CSI    000039da [SR] Verify complete
2017-04-26 19:32:23, Info                  CSI    000039db [SR] Verifying 100 components
2017-04-26 19:32:23, Info                  CSI    000039dc [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:25, Info                  CSI    00003a41 [SR] Verify complete
2017-04-26 19:32:26, Info                  CSI    00003a42 [SR] Verifying 100 components
2017-04-26 19:32:26, Info                  CSI    00003a43 [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:31, Info                  CSI    00003aa8 [SR] Verify complete
2017-04-26 19:32:31, Info                  CSI    00003aa9 [SR] Verifying 100 components
2017-04-26 19:32:31, Info                  CSI    00003aaa [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:36, Info                  CSI    00003b11 [SR] Verify complete
2017-04-26 19:32:37, Info                  CSI    00003b12 [SR] Verifying 100 components
2017-04-26 19:32:37, Info                  CSI    00003b13 [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:42, Info                  CSI    00003b78 [SR] Verify complete
2017-04-26 19:32:42, Info                  CSI    00003b79 [SR] Verifying 100 components
2017-04-26 19:32:42, Info                  CSI    00003b7a [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:48, Info                  CSI    00003be0 [SR] Verify complete
2017-04-26 19:32:48, Info                  CSI    00003be1 [SR] Verifying 100 components
2017-04-26 19:32:48, Info                  CSI    00003be2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:52, Info                  CSI    00003c47 [SR] Verify complete
2017-04-26 19:32:52, Info                  CSI    00003c48 [SR] Verifying 100 components
2017-04-26 19:32:52, Info                  CSI    00003c49 [SR] Beginning Verify and Repair transaction
2017-04-26 19:32:57, Info                  CSI    00003caf [SR] Verify complete
2017-04-26 19:32:57, Info                  CSI    00003cb0 [SR] Verifying 100 components
2017-04-26 19:32:57, Info                  CSI    00003cb1 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:01, Info                  CSI    00003d16 [SR] Verify complete
2017-04-26 19:33:01, Info                  CSI    00003d17 [SR] Verifying 100 components
2017-04-26 19:33:01, Info                  CSI    00003d18 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:04, Info                  CSI    00003d7d [SR] Verify complete
2017-04-26 19:33:04, Info                  CSI    00003d7e [SR] Verifying 100 components
2017-04-26 19:33:04, Info                  CSI    00003d7f [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:09, Info                  CSI    00003de6 [SR] Verify complete
2017-04-26 19:33:09, Info                  CSI    00003de7 [SR] Verifying 100 components
2017-04-26 19:33:09, Info                  CSI    00003de8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:14, Info                  CSI    00003e73 [SR] Verify complete
2017-04-26 19:33:14, Info                  CSI    00003e74 [SR] Verifying 100 components
2017-04-26 19:33:14, Info                  CSI    00003e75 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:18, Info                  CSI    00003eda [SR] Verify complete
2017-04-26 19:33:18, Info                  CSI    00003edb [SR] Verifying 100 components
2017-04-26 19:33:18, Info                  CSI    00003edc [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:26, Info                  CSI    00003f49 [SR] Verify complete
2017-04-26 19:33:26, Info                  CSI    00003f4a [SR] Verifying 100 components
2017-04-26 19:33:26, Info                  CSI    00003f4b [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:38, Info                  CSI    00003fb0 [SR] Verify complete
2017-04-26 19:33:38, Info                  CSI    00003fb1 [SR] Verifying 100 components
2017-04-26 19:33:38, Info                  CSI    00003fb2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:44, Info                  CSI    00004017 [SR] Verify complete
2017-04-26 19:33:44, Info                  CSI    00004018 [SR] Verifying 100 components
2017-04-26 19:33:44, Info                  CSI    00004019 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:49, Info                  CSI    0000407f [SR] Verify complete
2017-04-26 19:33:49, Info                  CSI    00004080 [SR] Verifying 100 components
2017-04-26 19:33:49, Info                  CSI    00004081 [SR] Beginning Verify and Repair transaction
2017-04-26 19:33:52, Info                  CSI    000040e6 [SR] Verify complete
2017-04-26 19:33:52, Info                  CSI    000040e7 [SR] Verifying 100 components
2017-04-26 19:33:52, Info                  CSI    000040e8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:03, Info                  CSI    0000414f [SR] Verify complete
2017-04-26 19:34:03, Info                  CSI    00004150 [SR] Verifying 100 components
2017-04-26 19:34:03, Info                  CSI    00004151 [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:09, Info                  CSI    000041bd [SR] Verify complete
2017-04-26 19:34:09, Info                  CSI    000041be [SR] Verifying 100 components
2017-04-26 19:34:09, Info                  CSI    000041bf [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:15, Info                  CSI    00004224 [SR] Verify complete
2017-04-26 19:34:15, Info                  CSI    00004225 [SR] Verifying 100 components
2017-04-26 19:34:15, Info                  CSI    00004226 [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:19, Info                  CSI    0000428b [SR] Verify complete
2017-04-26 19:34:19, Info                  CSI    0000428c [SR] Verifying 100 components
2017-04-26 19:34:19, Info                  CSI    0000428d [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:23, Info                  CSI    000042fc [SR] Verify complete
2017-04-26 19:34:23, Info                  CSI    000042fd [SR] Verifying 100 components
2017-04-26 19:34:23, Info                  CSI    000042fe [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:31, Info                  CSI    00004379 [SR] Verify complete
2017-04-26 19:34:31, Info                  CSI    0000437a [SR] Verifying 100 components
2017-04-26 19:34:31, Info                  CSI    0000437b [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:38, Info                  CSI    000043e0 [SR] Verify complete
2017-04-26 19:34:38, Info                  CSI    000043e1 [SR] Verifying 100 components
2017-04-26 19:34:38, Info                  CSI    000043e2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:45, Info                  CSI    00004447 [SR] Verify complete
2017-04-26 19:34:45, Info                  CSI    00004448 [SR] Verifying 100 components
2017-04-26 19:34:45, Info                  CSI    00004449 [SR] Beginning Verify and Repair transaction
2017-04-26 19:34:52, Info                  CSI    000044ae [SR] Verify complete
2017-04-26 19:34:53, Info                  CSI    000044af [SR] Verifying 100 components
2017-04-26 19:34:53, Info                  CSI    000044b0 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:01, Info                  CSI    00004515 [SR] Verify complete
2017-04-26 19:35:02, Info                  CSI    00004516 [SR] Verifying 100 components
2017-04-26 19:35:02, Info                  CSI    00004517 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:09, Info                  CSI    0000457f [SR] Verify complete
2017-04-26 19:35:09, Info                  CSI    00004580 [SR] Verifying 100 components
2017-04-26 19:35:09, Info                  CSI    00004581 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:15, Info                  CSI    000045f4 [SR] Verify complete
2017-04-26 19:35:16, Info                  CSI    000045f5 [SR] Verifying 100 components
2017-04-26 19:35:16, Info                  CSI    000045f6 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:20, Info                  CSI    00004661 [SR] Verify complete
2017-04-26 19:35:20, Info                  CSI    00004662 [SR] Verifying 100 components
2017-04-26 19:35:20, Info                  CSI    00004663 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:26, Info                  CSI    000046dd [SR] Verify complete
2017-04-26 19:35:26, Info                  CSI    000046de [SR] Verifying 100 components
2017-04-26 19:35:26, Info                  CSI    000046df [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:32, Info                  CSI    0000474f [SR] Verify complete
2017-04-26 19:35:32, Info                  CSI    00004750 [SR] Verifying 100 components
2017-04-26 19:35:32, Info                  CSI    00004751 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:39, Info                  CSI    000047c1 [SR] Verify complete
2017-04-26 19:35:39, Info                  CSI    000047c2 [SR] Verifying 100 components
2017-04-26 19:35:39, Info                  CSI    000047c3 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:46, Info                  CSI    0000483a [SR] Verify complete
2017-04-26 19:35:46, Info                  CSI    0000483b [SR] Verifying 100 components
2017-04-26 19:35:46, Info                  CSI    0000483c [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:50, Info                  CSI    000048a2 [SR] Verify complete
2017-04-26 19:35:50, Info                  CSI    000048a3 [SR] Verifying 100 components
2017-04-26 19:35:50, Info                  CSI    000048a4 [SR] Beginning Verify and Repair transaction
2017-04-26 19:35:52, Info                  CSI    00004909 [SR] Verify complete
2017-04-26 19:35:53, Info                  CSI    0000490a [SR] Verifying 100 components
2017-04-26 19:35:53, Info                  CSI    0000490b [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:00, Info                  CSI    00004983 [SR] Verify complete
2017-04-26 19:36:00, Info                  CSI    00004984 [SR] Verifying 100 components
2017-04-26 19:36:00, Info                  CSI    00004985 [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:07, Info                  CSI    00004a1a [SR] Verify complete
2017-04-26 19:36:08, Info                  CSI    00004a1b [SR] Verifying 100 components
2017-04-26 19:36:08, Info                  CSI    00004a1c [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:16, Info                  CSI    00004a86 [SR] Verify complete
2017-04-26 19:36:16, Info                  CSI    00004a87 [SR] Verifying 100 components
2017-04-26 19:36:16, Info                  CSI    00004a88 [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:24, Info                  CSI    00004b13 [SR] Verify complete
2017-04-26 19:36:24, Info                  CSI    00004b14 [SR] Verifying 100 components
2017-04-26 19:36:24, Info                  CSI    00004b15 [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:31, Info                  CSI    00004b97 [SR] Verify complete
2017-04-26 19:36:31, Info                  CSI    00004b98 [SR] Verifying 100 components
2017-04-26 19:36:31, Info                  CSI    00004b99 [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:36, Info                  CSI    00004c0b [SR] Verify complete
2017-04-26 19:36:36, Info                  CSI    00004c0c [SR] Verifying 100 components
2017-04-26 19:36:36, Info                  CSI    00004c0d [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:42, Info                  CSI    00004c7f [SR] Verify complete
2017-04-26 19:36:42, Info                  CSI    00004c80 [SR] Verifying 100 components
2017-04-26 19:36:42, Info                  CSI    00004c81 [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:48, Info                  CSI    00004cf2 [SR] Verify complete
2017-04-26 19:36:48, Info                  CSI    00004cf3 [SR] Verifying 100 components
2017-04-26 19:36:48, Info                  CSI    00004cf4 [SR] Beginning Verify and Repair transaction
2017-04-26 19:36:55, Info                  CSI    00004d5a [SR] Verify complete
2017-04-26 19:36:55, Info                  CSI    00004d5b [SR] Verifying 100 components
2017-04-26 19:36:55, Info                  CSI    00004d5c [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:02, Info                  CSI    00004dd8 [SR] Verify complete
2017-04-26 19:37:02, Info                  CSI    00004dd9 [SR] Verifying 100 components
2017-04-26 19:37:02, Info                  CSI    00004dda [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:10, Info                  CSI    00004e4f [SR] Verify complete
2017-04-26 19:37:10, Info                  CSI    00004e50 [SR] Verifying 100 components
2017-04-26 19:37:10, Info                  CSI    00004e51 [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:16, Info                  CSI    00004ecb [SR] Verify complete
2017-04-26 19:37:16, Info                  CSI    00004ecc [SR] Verifying 100 components
2017-04-26 19:37:16, Info                  CSI    00004ecd [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:22, Info                  CSI    00004f38 [SR] Verify complete
2017-04-26 19:37:23, Info                  CSI    00004f39 [SR] Verifying 100 components
2017-04-26 19:37:23, Info                  CSI    00004f3a [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:34, Info                  CSI    0000503d [SR] Verify complete
2017-04-26 19:37:34, Info                  CSI    0000503e [SR] Verifying 100 components
2017-04-26 19:37:34, Info                  CSI    0000503f [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:40, Info                  CSI    000050ea [SR] Verify complete
2017-04-26 19:37:40, Info                  CSI    000050eb [SR] Verifying 100 components
2017-04-26 19:37:40, Info                  CSI    000050ec [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:46, Info                  CSI    00005154 [SR] Verify complete
2017-04-26 19:37:46, Info                  CSI    00005155 [SR] Verifying 100 components
2017-04-26 19:37:46, Info                  CSI    00005156 [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:51, Info                  CSI    000051bf [SR] Verify complete
2017-04-26 19:37:51, Info                  CSI    000051c0 [SR] Verifying 100 components
2017-04-26 19:37:51, Info                  CSI    000051c1 [SR] Beginning Verify and Repair transaction
2017-04-26 19:37:57, Info                  CSI    00005243 [SR] Verify complete
2017-04-26 19:37:57, Info                  CSI    00005244 [SR] Verifying 100 components
2017-04-26 19:37:57, Info                  CSI    00005245 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:03, Info                  CSI    000052da [SR] Verify complete
2017-04-26 19:38:04, Info                  CSI    000052db [SR] Verifying 100 components
2017-04-26 19:38:04, Info                  CSI    000052dc [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:09, Info                  CSI    00005345 [SR] Verify complete
2017-04-26 19:38:09, Info                  CSI    00005346 [SR] Verifying 100 components
2017-04-26 19:38:09, Info                  CSI    00005347 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:14, Info                  CSI    000053b6 [SR] Verify complete
2017-04-26 19:38:14, Info                  CSI    000053b7 [SR] Verifying 100 components
2017-04-26 19:38:14, Info                  CSI    000053b8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:19, Info                  CSI    00005430 [SR] Verify complete
2017-04-26 19:38:19, Info                  CSI    00005431 [SR] Verifying 100 components
2017-04-26 19:38:19, Info                  CSI    00005432 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:26, Info                  CSI    000054b9 [SR] Verify complete
2017-04-26 19:38:26, Info                  CSI    000054ba [SR] Verifying 100 components
2017-04-26 19:38:26, Info                  CSI    000054bb [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:34, Info                  CSI    00005532 [SR] Verify complete
2017-04-26 19:38:34, Info                  CSI    00005533 [SR] Verifying 100 components
2017-04-26 19:38:34, Info                  CSI    00005534 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:40, Info                  CSI    000055a8 [SR] Verify complete
2017-04-26 19:38:40, Info                  CSI    000055a9 [SR] Verifying 100 components
2017-04-26 19:38:40, Info                  CSI    000055aa [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:44, Info                  CSI    00005616 [SR] Verify complete
2017-04-26 19:38:44, Info                  CSI    00005617 [SR] Verifying 100 components
2017-04-26 19:38:44, Info                  CSI    00005618 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:49, Info                  CSI    00005680 [SR] Verify complete
2017-04-26 19:38:49, Info                  CSI    00005681 [SR] Verifying 100 components
2017-04-26 19:38:49, Info                  CSI    00005682 [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:54, Info                  CSI    000056eb [SR] Verify complete
2017-04-26 19:38:54, Info                  CSI    000056ec [SR] Verifying 100 components
2017-04-26 19:38:54, Info                  CSI    000056ed [SR] Beginning Verify and Repair transaction
2017-04-26 19:38:59, Info                  CSI    0000577e [SR] Verify complete
2017-04-26 19:38:59, Info                  CSI    0000577f [SR] Verifying 100 components
2017-04-26 19:38:59, Info                  CSI    00005780 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:03, Info                  CSI    000057e7 [SR] Verify complete
2017-04-26 19:39:03, Info                  CSI    000057e8 [SR] Verifying 100 components
2017-04-26 19:39:03, Info                  CSI    000057e9 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:07, Info                  CSI    00005852 [SR] Verify complete
2017-04-26 19:39:07, Info                  CSI    00005853 [SR] Verifying 100 components
2017-04-26 19:39:07, Info                  CSI    00005854 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:12, Info                  CSI    000058bb [SR] Verify complete
2017-04-26 19:39:12, Info                  CSI    000058bc [SR] Verifying 100 components
2017-04-26 19:39:12, Info                  CSI    000058bd [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:17, Info                  CSI    0000592a [SR] Verify complete
2017-04-26 19:39:17, Info                  CSI    0000592b [SR] Verifying 100 components
2017-04-26 19:39:17, Info                  CSI    0000592c [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:22, Info                  CSI    00005994 [SR] Verify complete
2017-04-26 19:39:22, Info                  CSI    00005995 [SR] Verifying 100 components
2017-04-26 19:39:22, Info                  CSI    00005996 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:26, Info                  CSI    000059fe [SR] Verify complete
2017-04-26 19:39:26, Info                  CSI    000059ff [SR] Verifying 100 components
2017-04-26 19:39:26, Info                  CSI    00005a00 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:30, Info                  CSI    00005a69 [SR] Verify complete
2017-04-26 19:39:30, Info                  CSI    00005a6a [SR] Verifying 100 components
2017-04-26 19:39:30, Info                  CSI    00005a6b [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:37, Info                  CSI    00005ae0 [SR] Verify complete
2017-04-26 19:39:37, Info                  CSI    00005ae1 [SR] Verifying 100 components
2017-04-26 19:39:37, Info                  CSI    00005ae2 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:41, Info                  CSI    00005b49 [SR] Verify complete
2017-04-26 19:39:41, Info                  CSI    00005b4a [SR] Verifying 100 components
2017-04-26 19:39:41, Info                  CSI    00005b4b [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:48, Info                  CSI    00005bb1 [SR] Verify complete
2017-04-26 19:39:48, Info                  CSI    00005bb2 [SR] Verifying 100 components
2017-04-26 19:39:48, Info                  CSI    00005bb3 [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:53, Info                  CSI    00005c18 [SR] Verify complete
2017-04-26 19:39:53, Info                  CSI    00005c19 [SR] Verifying 100 components
2017-04-26 19:39:53, Info                  CSI    00005c1a [SR] Beginning Verify and Repair transaction
2017-04-26 19:39:59, Info                  CSI    00005c7f [SR] Verify complete
2017-04-26 19:39:59, Info                  CSI    00005c80 [SR] Verifying 100 components
2017-04-26 19:39:59, Info                  CSI    00005c81 [SR] Beginning Verify and Repair transaction
2017-04-26 19:40:03, Info                  CSI    00005ce7 [SR] Verify complete
2017-04-26 19:40:03, Info                  CSI    00005ce8 [SR] Verifying 100 components
2017-04-26 19:40:03, Info                  CSI    00005ce9 [SR] Beginning Verify and Repair transaction
2017-04-26 19:40:07, Info                  CSI    00005d4f [SR] Verify complete
2017-04-26 19:40:07, Info                  CSI    00005d50 [SR] Verifying 100 components
2017-04-26 19:40:07, Info                  CSI    00005d51 [SR] Beginning Verify and Repair transaction
2017-04-26 19:40:15, Info                  CSI    00005db6 [SR] Verify complete
2017-04-26 19:40:15, Info                  CSI    00005db7 [SR] Verifying 33 components
2017-04-26 19:40:15, Info                  CSI    00005db8 [SR] Beginning Verify and Repair transaction
2017-04-26 19:40:16, Info                  CSI    00005dda [SR] Verify complete
2017-04-26 19:40:16, Info                  CSI    00005ddb [SR] Repairing 0 components
2017-04-26 19:40:16, Info                  CSI    00005ddc [SR] Beginning Verify and Repair transaction
2017-04-26 19:40:16, Info                  CSI    00005ddd [SR] Repair complete

 

View log for system.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 27/04/2017 11:04:25

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2017 16:51:22
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.

Log: 'System' Date/Time: 27/03/2017 11:44:29
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.

Log: 'System' Date/Time: 27/03/2017 11:44:29
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/01/2017 16:11:45
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/10/2016 19:23:55
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2017 06:14:08
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2017 06:12:33
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 19:03:39
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 18:54:41
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 18:53:17
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 18:11:33
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 17:05:08
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume C:.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:04:57
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 17:03:40
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume C:.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:40
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:39
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:38
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:38
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:37
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:36
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:36
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:35
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:34
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:34
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:30
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2017 23:50:20
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 23:50:16
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 23:50:13
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 22:38:53
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 22:38:53
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:54:24
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:54:24
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:53:30
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device.  Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x800706D9.

Log: 'System' Date/Time: 26/04/2017 18:10:50
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:10:50
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 17:05:06
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device.  Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x800706D9.

Log: 'System' Date/Time: 26/04/2017 17:01:20
Type: Warning Category: 0
Event: 24 Source: Volsnap
There was insufficient disk space on volume C: to grow the shadow copy storage for shadow copies of C:.  As a result of this failure all shadow copies of volume C: are at risk of being deleted.

Log: 'System' Date/Time: 26/04/2017 16:58:17
Type: Warning Category: 0
Event: 98 Source: Microsoft-Windows-Ntfs
Volume C: (\Device\HarddiskVolume4) requires an Online Scan.  An Online Scan will automatically run as part of the next scheduled maintenance task.  Alternatively you may run "CHKDSK /SCAN" locally via the command line, or run "REPAIR-VOLUME <drive:> -SCAN" locally or remotely via PowerShell.

Log: 'System' Date/Time: 26/04/2017 16:57:41
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy5'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 16:51:49
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 16:51:49
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 14:10:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/04/2017 14:10:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win10.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/04/2017 13:47:59
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 13:47:59
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

 

 

Application log.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 27/04/2017 11:04:25

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2017 16:51:22
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.

Log: 'System' Date/Time: 27/03/2017 11:44:29
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.

Log: 'System' Date/Time: 27/03/2017 11:44:29
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/01/2017 16:11:45
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/10/2016 19:23:55
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2017 06:14:08
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2017 06:12:33
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 19:03:39
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 18:54:41
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 18:53:17
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 18:11:33
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 17:05:08
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume C:.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:04:57
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2017 17:03:40
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume C:.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:40
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:39
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:38
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:38
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:37
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:36
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:36
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:35
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:34
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:34
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Log: 'System' Date/Time: 26/04/2017 17:03:30
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2017 23:50:20
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 23:50:16
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 23:50:13
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 22:38:53
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 22:38:53
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:54:24
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:54:24
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:53:30
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device.  Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x800706D9.

Log: 'System' Date/Time: 26/04/2017 18:10:50
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 18:10:50
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 17:05:06
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device.  Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x800706D9.

Log: 'System' Date/Time: 26/04/2017 17:01:20
Type: Warning Category: 0
Event: 24 Source: Volsnap
There was insufficient disk space on volume C: to grow the shadow copy storage for shadow copies of C:.  As a result of this failure all shadow copies of volume C: are at risk of being deleted.

Log: 'System' Date/Time: 26/04/2017 16:58:17
Type: Warning Category: 0
Event: 98 Source: Microsoft-Windows-Ntfs
Volume C: (\Device\HarddiskVolume4) requires an Online Scan.  An Online Scan will automatically run as part of the next scheduled maintenance task.  Alternatively you may run "CHKDSK /SCAN" locally via the command line, or run "REPAIR-VOLUME <drive:> -SCAN" locally or remotely via PowerShell.

Log: 'System' Date/Time: 26/04/2017 16:57:41
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T17:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy5'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

Log: 'System' Date/Time: 26/04/2017 16:51:49
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 16:51:49
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/04/2017 14:10:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/04/2017 14:10:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win10.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/04/2017 13:47:59
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/04/2017 13:47:59
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-49-E1-08 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

 

 

Process explorer log.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 94.88 0 K 4 K 0   
procexp64.exe 1.82 43,844 K 68,904 K 7964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.64 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 0.46 40,588 K 49,592 K 996 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.38 8,900 K 18,132 K 736 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
WDAppManager.exe 0.37 64,184 K 67,600 K 6272 WD App Manager Western Digital Technologies, Inc. (Verified) WESTERN DIGITAL TECHNOLOGIES
csrss.exe 0.25 2,048 K 7,140 K 592 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 0.22 128 K 700 K 4   
svchost.exe 0.22 86,188 K 94,572 K 80 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iexplore.exe 0.14 23,780 K 68,788 K 9288 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
WDBackupService.exe 0.10 34,080 K 39,496 K 6696 WDBackupService Western Digital Technologies, Inc. (Verified) WESTERN DIGITAL TECHNOLOGIES
WDDMStatus.exe 0.10 14,220 K 24,064 K 2412 WD Quick View Western Digital Technologies, Inc. (Verified) Western Digital Technologies
ns.exe 0.07 181,496 K 21,600 K 2288 Norton Security Symantec Corporation (Verified) Symantec Corporation
rpdsvc.exe 0.05 29,232 K 22,460 K 2328 RealTimes Desktop Service RealNetworks, Inc. (Verified) RealNetworks
WDDriveService.exe 0.03 8,656 K 16,304 K 2344 WD Drive Service Western Digital Technologies, Inc. (Verified) Western Digital Technologies
svchost.exe 0.03 9,932 K 21,880 K 1388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.02 38,104 K 94,684 K 5564 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.02 3,340 K 12,016 K 2096 MobileDeviceService Apple Inc. (Verified) Apple Inc.
stacsv64.exe 0.02 2,468 K 9,896 K 1504 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
iexplore.exe 0.02 111,148 K 118,864 K 8860 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
LMS.exe 0.02 1,720 K 5,964 K 2564 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 7,068 K 22,992 K 2204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 41,956 K 70,260 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 9,268 K 23,316 K 824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 5,764 K 11,968 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 4,320 K 11,252 K 2932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iexplore.exe 0.01 159,692 K 201,032 K 3884 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
WDDriveAutoUnlock.exe 0.01 1,980 K 10,424 K 7140 WD Drive Auto Unlock Western Digital Technologies, Inc. (Verified) Western Digital Technologies
taskhostw.exe 0.01 8,708 K 21,392 K 5584 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 2,380 K 9,608 K 1596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CLMLSvc_P2G8.exe < 0.01 2,532 K 1,272 K 2828 CyberLink MediaLibray Service CyberLink (Verified) CyberLink
OfficeClickToRun.exe < 0.01 37,844 K 52,132 K 2088 Microsoft Office Click-to-Run (PreSxS) Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 4,560 K 14,684 K 1868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe < 0.01 36,732 K 38,704 K 2904 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
sihost.exe < 0.01 5,760 K 21,408 K 3580 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 6,004 K 19,560 K 5028 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
iCloudPhotos.exe < 0.01 15,680 K 36,764 K 6292 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
ns.exe < 0.01 17,868 K 9,716 K 3204 Norton Security Symantec Corporation (Verified) Symantec Corporation
AppleIEDAV.exe < 0.01 4,392 K 14,776 K 9356 Apple IE DAV Apple Inc. (Verified) Apple Inc.
csrss.exe < 0.01 1,792 K 5,088 K 516 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
hpservice.exe < 0.01 1,272 K 5,716 K 1644 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company
WmiPrvSE.exe  2,404 K 9,208 K 7624 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,200 K 9,692 K 668 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,124 K 5,032 K 584 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
WDDriveUtilitiesHelper.exe  2,772 K 11,740 K 5512 WD Drive Utilities Helper Western Digital Technologies, Inc. (Verified) Western Digital Technologies
UNS.exe  3,276 K 13,036 K 4044 User Notification Service Intel Corporation (Verified) Intel Corporation
SynTPHelper.exe  908 K 4,508 K 2472 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe  1,024 K 4,316 K 2320 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe  11,872 K 28,136 K 1284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  15,412 K 26,016 K 84 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,264 K 21,012 K 2360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  15,320 K 29,160 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,740 K 13,064 K 1744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,428 K 28,364 K 5308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,964 K 10,464 K 2212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,756 K 11,084 K 2364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,592 K 6,716 K 3028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sttray64.exe  3,164 K 11,436 K 1200 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe  6,896 K 17,404 K 1320 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  416 K 1,196 K 344 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe  8,356 K 14,700 K 2496 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 24,632 K 55,672 K 6700 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
services.exe  3,532 K 7,420 K 712 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe  4,756 K 18,164 K 7040 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 44,436 K 88,660 K 9432 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  14,340 K 54,724 K 2296 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RIconMan.exe  2,136 K 8,220 K 2416 Realtek Card Reader Patch Tool. Realsil Microelectronics Inc. (No signature was present in the subject) Realsil Microelectronics Inc.
RemindersServer.exe Suspended 8,200 K 16,416 K 1616 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RealPlayerUpdateSvc.exe  4,292 K 10,064 K 2312   (Verified) RealNetworks
procexp.exe  3,412 K 10,284 K 32 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  28,544 K 25,156 K 6032 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PDVD10Serv.exe  1,484 K 8,268 K 6900 PowerDVD RC Service CyberLink Corp. (Verified) CyberLink Corp.
notepad.exe  2,428 K 14,216 K 8020 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  2,704 K 14,964 K 3388 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  12,436 K 37,684 K 5152 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  3,352 K 13,768 K 6928 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  2,560 K 14,944 K 9024 Notepad Microsoft Corporation (Verified) Microsoft Windows
Memory Compression  132 K 49,044 K 2612   
mDNSResponder.exe  1,724 K 6,468 K 2080 Bonjour Service Apple Inc. (Verified) Apple Inc.
Jhi_service.exe  1,244 K 6,084 K 2104 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
IntelMeFWService.exe  944 K 5,032 K 2516 Intel® ME Service Intel Corporation (Verified) Intel Corporation
igfxTray.exe  8,308 K 14,020 K 3596 igfxTray Module Intel Corporation (Verified) Intel® pGFX
igfxHK.exe  5,316 K 10,944 K 5372 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe  7,644 K 15,372 K 428 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe  1,696 K 8,528 K 1380 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudServices.exe  33,068 K 55,224 K 1472 iCloud Services Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe  12,688 K 31,520 K 6196 iCloud Drive Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe  1,120 K 6,016 K 7000 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe  1,312 K 6,072 K 2220 HP Quick Launch WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe  36,804 K 39,684 K 836 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
hpqwmiex.exe  1,768 K 9,208 K 7564 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
HeciServer.exe  1,476 K 7,196 K 2236 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
fontdrvhost.exe  1,136 K 3,992 K 9332 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
FlashUtil_ActiveX.exe  4,572 K 13,020 K 7872 Adobe® Flash® Player Utility Adobe Systems Incorporated (Verified) Microsoft Windows Third Party Application Component
dllhost.exe  1,548 K 7,032 K 8708 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe  1,944 K 10,004 K 2844 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe  4,840 K 15,204 K 1740 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
CoolSense.exe  1,996 K 940 K 4952 HP CoolSense Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
conhost.exe  1,308 K 5,800 K 6676 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  2,208 K 11,852 K 4296 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
cmd.exe  2,612 K 2,988 K 8552 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 5,824 K 22,060 K 5164 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  1,336 K 6,308 K 2228 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe  4,876 K 16,916 K 6376 Apple Push Apple Inc. (Verified) Apple Inc.
ApplePhotoStreamsDownloader.exe  7,420 K 25,892 K 7048 iCloud Photo Stream Downloader Apple Inc. (Verified) Apple Inc.
ApplePhotoStreams.exe  10,304 K 34,868 K 2872 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.

Attached Files


Edited by o0hope0o, 27 April 2017 - 04:44 AM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,725 posts
  • MVP

Speccy isn't very happy with your hard drive:

 

BB
                                            Attribute name    Reported Uncorrectable Errors
                                            Real value    8,590,000,128
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000010000
                                            Status    Good
                                        BC
                                            Attribute name    Command Timeout
                                            Real value    30,065,754,122
                                            Current    100
                                            Worst    99
                                            Threshold    0
                                            Raw Value    00000F000A
                                            Status    Good
                                        ...
                                        BF
                                            Attribute name    G-sense error rate
                                            Real value    1,256
                                            Current    96
                                            Worst    96
                                            Threshold    0
                                            Raw Value    00000004E8
                                            Status    Good

 

                                      

 

 

The G-Sense error rate parameter indicates it has been dropped hard.  Command Timeouts cause delays as the system has to rerequest data.  Reported Uncorrectable Errors is nothing you want.  It may be time to clone the drive and replace it. 

 

Let's see a new FRST scan with addition.txt checked.  Post both logs.


  • 0

#6
o0hope0o

o0hope0o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Here's my logs.  I think maybe I might need to treat myself to new one, it is a few years old.

Thank you for your super fast help.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by hope (27-04-2017 12:18:33)
Running from C:\Users\hope\Desktop\Spyware help
Windows 10 Home Version 1607 (X64) (2016-09-25 12:41:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-570208440-388758986-1359718189-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-570208440-388758986-1359718189-503 - Limited - Disabled)
Guest (S-1-5-21-570208440-388758986-1359718189-501 - Limited - Disabled)
hope (S-1-5-21-570208440-388758986-1359718189-1001 - Administrator - Enabled) => C:\Users\hope

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.125 - DivX, LLC)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Photos Backup (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.9.1.12 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 3.04 - NCH Software)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
RealDownloader (x32 Version: 18.1.7.343 - RealNetworks) Hidden
RealDownloader (x32 Version: 18.1.7.343 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sense (HKLM-x32\...\Sense) (Version: Build 187 - The Open University) <==== ATTENTION
Sky Go Download Player (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\54448661.go.sky.com) (Version:  - go.sky.com)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Titanbet Poker UK (HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Titanbet.co.uk) (Version:  - )
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
vs2015_redist x64 (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-570208440-388758986-1359718189-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EA02AE-2B40-4A54-BA35-FB256333C6F7} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {06FF19FA-7B50-47BF-AA07-F9F5F0C18CB2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {0D001C02-3B04-4E55-8EF3-A66772431420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {127E7245-C62A-4F5B-B50E-145F3E74FF16} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {157D426F-294C-4D4B-BDF8-9324FBD39F87} - \CLMLSvc_P2G8 -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1E8C5C2C-44FA-4974-B6EB-1BD1E4DB8D18} - \Optimize Start Menu Cache Files-S-1-5-21-570208440-388758986-1359718189-1001 -> No File <==== ATTENTION
Task: {23FF5B52-CB56-44EF-AD8B-A9376EC20D5F} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {25DB0C8A-03DA-4521-A2F0-4C45F7F23935} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001UA => C:\Users\hope\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-10] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3760D593-C9D4-4A4C-AB62-9B67620CF782} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {3A1BBFFA-5A7A-4EF2-9CE3-62296A62CDD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3DCAFC04-965B-489A-920C-8ED1E23A7E7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {46BA70BC-2D26-4895-AA57-C0A0B42F519C} - \RealTimes (32-bit)  -> No File <==== ATTENTION
Task: {489F2310-5578-4699-9210-68DED7950C7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {4AB423B9-A92D-4BD2-9728-214ECDC16348} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {4BF6C6D2-8F84-44B7-8008-0F5FAFEF79C6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-570208440-388758986-1359718189-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
Task: {5343E0DF-163E-422F-B163-1CF5FBB57996} - \{B4ED0CB6-FF19-4F82-BC6D-C0585C68705C} -> No File <==== ATTENTION
Task: {574E858B-105C-45D3-AB95-EEA470728472} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {6106DCD7-8EEF-40EC-BE33-B0FDB4351D6F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {62892DFB-B003-4708-9C90-54B7C4FFC82C} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {6F5747E6-3D03-4DCC-BA56-92954FB51DD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {73212267-69BC-49F4-950E-E49259FE7E06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {743CFB83-0F84-4CDF-B7B1-4243C600CBCB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7AC2E127-E4C2-49FF-996E-53EF955C940B} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {7CF000F8-6CF2-4894-8A8C-567B5D1EFCA7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81BC65E8-06FD-4C8B-B5A9-246F9740F55D} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {81D3B086-4C43-40AA-A13A-97E4DE1B17BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {86056263-EA16-49CE-956E-13DE753FF71C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {9115B171-DD66-49E2-AB59-BCF80E4F262A} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {91EE41F1-437D-4100-8D65-7CF20CAB258F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {933A444A-819A-40E8-85ED-490C2DB537E5} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {A1805C79-604A-456A-8D2E-8685AF895363} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {A5A8CE60-934F-4BF6-BC73-71A9C519289B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {AACC3A46-628B-4AE0-BE2C-76D40DC8293B} - \CLVDLauncher -> No File <==== ATTENTION
Task: {B43B0CDB-ECBE-44A0-A265-583EAB46B443} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-03-14] ()
Task: {B5871E2F-408C-44D8-AF59-84F00C8AEE8D} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {BB569C30-2735-4124-A44C-1623B09FC6A9} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {BDD77D1A-F9D9-4742-A105-6C16B8A2C81D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-570208440-388758986-1359718189-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
Task: {BEBB457A-DA7B-49A8-B314-EBBCB80DBCD3} - \MirageAgent -> No File <==== ATTENTION
Task: {C0A93ECC-ADCA-44CE-B744-A9EFB134FC8E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\WSCStub.exe [2017-03-16] (Symantec Corporation)
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {CC7A5F3B-F861-43ED-A34C-FF8646D3858B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CDB6A6D2-480B-4B19-8201-7CF320187B0E} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-11-11] (DivX, LLC)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {CE424F68-B674-4DBF-89AD-1BB5B4D3F954} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CE83BCF9-1949-4102-809D-66D445643CE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D16B39B0-EEB7-4440-A0FC-CDA48D73E551} - \HPCustParticipation HP Deskjet 2540 series -> No File <==== ATTENTION
Task: {D5F9572E-9BCB-47B3-9F4F-6FFA9C6F8827} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {E11110B7-2421-4C49-B335-CE53EFD752BE} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {E2F0EF29-5289-4FBE-810B-500D41FEA60C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001Core => C:\Users\hope\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-10] (Google Inc.)
Task: {E729C222-0BD6-430A-821F-B13005108462} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {EB99B3D0-1771-48BE-98BC-DB6DB740801D} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {F3A4BC5C-8E93-4CF8-9941-045133106B81} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {F628B57F-C658-4442-ABC1-66F0977AECBB} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {F8BC94FF-3998-4B32-8128-CF2182CDB3EC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FB3A4E4E-5EFC-479D-BD54-0159792211F5} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {FE8AF828-A1EB-4BA9-851B-62F02DCBE2C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForhope.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\hope\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-13 21:58 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 17:08 - 2017-03-16 17:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-14 21:44 - 2017-03-14 21:44 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
2017-04-13 21:58 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 16:55 - 2016-09-05 15:50 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-25 13:48 - 2016-09-25 13:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 14:46 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 14:47 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 14:47 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 14:47 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-13 21:57 - 2017-03-28 06:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-13 21:57 - 2017-03-28 06:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-14 21:44 - 2017-03-14 21:44 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
2017-03-14 21:44 - 2017-03-14 21:44 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
2017-03-14 21:43 - 2017-03-14 21:43 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
2012-12-29 00:05 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-06-28 23:15 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-03-16 17:09 - 2017-03-16 17:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 17:08 - 2017-03-16 17:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-570208440-388758986-1359718189-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hope\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45AF4ED5-8474-46DF-AADE-89108F0D1492}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9D362B49-91DA-48DE-90E5-14A0B83AEDAE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C6C96C1D-BCB7-41C5-B583-56E9DA7C5660}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E8BED55D-51C2-40D5-B5FF-65C230AE18A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{019CE4D5-B8C0-4730-AAEE-27DDA908CF95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FE630604-4876-40D9-B39E-521FA682542B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F9AC6840-B94A-4D0D-A57B-21470EACBE9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD58C84-79D6-48C0-999A-66478F5DACDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE073E4C-4378-45C0-9AB3-35DF8F952231}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B9B41BD-740D-45BC-9B26-A75C3DC1F6CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98B97539-B54E-4C8E-9A3B-526F81A62758}] => (Allow) LPort=1900
FirewallRules: [{54DEBB77-390E-48BF-92F6-B577C334E4B0}] => (Allow) LPort=2869
FirewallRules: [{435FE520-3357-4E2B-A580-297B84A30114}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6B828A61-64DC-424B-9097-A4BC4972BD0B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D55270E8-858F-4641-ACBC-CE8AAA932A9F}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{BAA854DB-3FC0-4C38-8DF1-315800C0B18F}] => (Allow) LPort=5357
FirewallRules: [{91950B90-026C-4F43-A324-538049879458}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6227134E-979F-4C22-A94C-9A12A5CB9F31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D70D979-9D90-4139-888B-E7DAB4C4B187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{352DC1DA-5BF8-4777-A264-572E6AD236CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E2B3B10-8D4F-4D2A-878D-9951350A7926}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{577F621B-B888-4226-8074-BE9FA278F799}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B85559E4-DA46-4E2A-9E08-3033E1535C0E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [TCP Query User{77DDA0DA-DE57-4595-9444-1E8A97BBC633}C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Block) C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{82EA02C4-8450-4496-89D4-AD60074BF1D0}C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Block) C:\users\hope\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [{63FA06DF-0CB3-41F1-9002-433B9869DBE6}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{C7E29C46-81AE-4DC8-86BD-739058692414}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

27-04-2017 00:49:45 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2017 11:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 10.0.14393.693, time stamp: 0x585a03fd
Exception code: 0xc0000005
Fault offset: 0x00322865
Faulting process ID: 0x16b0
Faulting application start time: 0x01d2bf43012b6080
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe
Faulting module path: C:\WINDOWS\SYSTEM32\d2d1.dll
Report ID: 6ef30f7a-054c-46dd-bd2e-dfd24e5e7143
Faulting package full name:
Faulting package-relative application ID:

Error: (04/27/2017 11:41:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/27/2017 11:32:34 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/27/2017 11:32:11 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/27/2017 11:27:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOPE)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2017 11:11:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOPE)
Description: Activation of application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2017 11:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x58d9eaac
Exception code: 0xc0000005
Fault offset: 0x0000000000072834
Faulting process ID: 0x1234
Faulting application start time: 0x01d2bf3ea4ea16f3
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\system32\CoreUIComponents.dll
Report ID: ef72ca8e-e4e7-4e9f-b912-677ad775bd50
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (04/27/2017 03:37:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/27/2017 12:49:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/26/2017 08:01:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (04/27/2017 12:16:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/27/2017 07:14:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/27/2017 07:12:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 08:03:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 07:54:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 07:53:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 07:11:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 06:05:08 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".

Error: (04/26/2017 06:04:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 06:03:40 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".

==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 6036.27 MB
Available physical RAM: 3291.16 MB
Total Virtual: 6996.27 MB
Available Virtual: 4344.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.57 GB) (Free:595.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2.45 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5B88DBE8)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by hope (administrator) on HOPE (27-04-2017 12:18:01)
Running from C:\Users\hope\Desktop\Spyware help
Loaded Profiles: hope (Available Profiles: hope)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
() C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealDownloader\realdownloader264.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-26] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2017-03-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [738032 2017-03-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1092920 2017-02-08] (Apple Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [Google Update] => C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-15] (Google Inc.)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\...\Run: [Google Photos Backup] => C:\Users\hope\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-570208440-388758986-1359718189-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-22]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{25cb897e-ecc4-4c56-b12a-36e4abc70a43}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{88b0ed29-1d74-4dc0-a7c7-51ab64641ff6}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_znealrm_16_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyByCtA0FyEzy0EtCtD0A0FyB0BtBtN0D0Tzu0StCyDyBzztN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzytAtC0B0DtCyBtGtA0A0EyEtGtBtC0B0BtGtBzyyB0EtGtA0ByCyDyC0DyEtAyB0E0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyD0Azy0FtGzyyCzy0AtGyEyC0CtAtGzy0CzytDtGtCtDtBtCyDtB0BtDyC0A0D0E2QtN0A0LzuyE%26cr%3D749370036%26a%3Dwncy_znealrm_16_17%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-570208440-388758986-1359718189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-570208440-388758986-1359718189-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_znealrm_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyByCtA0FyEzy0EtCtD0A0FyB0BtBtN0D0Tzu0StCyDyBzztN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzytAtC0B0DtCyBtGtA0A0EyEtGtBtC0B0BtGtBzyyB0EtGtA0ByCyDyC0DyEtAyB0E0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyD0Azy0FtGzyyCzy0AtGyEyC0CtAtGzy0CzytDtGtCtDtBtCyDtB0BtDyC0A0D0E2QtN0A0LzuyE%26cr%3D749370036%26a%3Dwncy_znealrm_16_17%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_znealrm_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyByCtA0FyEzy0EtCtD0A0FyB0BtBtN0D0Tzu0StCyDyBzztN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzytAtC0B0DtCyBtGtA0A0EyEtGtBtC0B0BtGtBzyyB0EtGtA0ByCyDyC0DyEtAyB0E0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyD0Azy0FtGzyyCzy0AtGyEyC0CtAtGzy0CzytDtGtCtDtBtCyDtB0BtDyC0A0D0E2QtN0A0LzuyE%26cr%3D749370036%26a%3Dwncy_znealrm_16_17%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {AE91E442-9680-40CB-BFB4-24E56AC73A67} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {AE91E442-9680-40CB-BFB4-24E56AC73A67} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1002180&geo=GB&ver=22&locale=en_GB&guid=3EE20A19-FA05-4F9D-9DDD-D3F1B0CB92C9&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101115-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F4516B7C-522E-4176-BC5B-7EAE7B54467D}&mid=7b14d574a70f47cf9d41a50fe661a66c-ca1da5b917d2c34b5e1c53b72f6858a58bfa5970&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-09-02 11:14:50&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {9FB217FF-3F34-4C05-8127-8B29188E6F34} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&intl=uk&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {AE91E442-9680-40CB-BFB4-24E56AC73A67} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1002180&geo=GB&ver=22&locale=en_GB&guid=3EE20A19-FA05-4F9D-9DDD-D3F1B0CB92C9&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-03-14] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-03-14] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-570208440-388758986-1359718189-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon [2017-04-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-11-14] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-03-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-03-22] (RealPlayer)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-570208440-388758986-1359718189-1001: @tools.google.com/Google Update;version=3 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-570208440-388758986-1359718189-1001: @tools.google.com/Google Update;version=9 -> C:\Users\hope\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3035848 2016-09-15] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-14] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2017-03-22] (RealNetworks, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\BASHDefs\20170424.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
U3 EraserUtilDrvI29; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI29.sys [156824 2017-04-13] (Symantec Corporation)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\IPSDefs\20170426.001\IDSvia64.sys [1036440 2017-04-26] (Symantec Corporation)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
S3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2016-09-02] (SlimWare Utilities, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-02-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-27 11:41 - 2017-04-27 11:42 - 00000000 ____D C:\Users\hope\Desktop\Spyware help
2017-04-27 11:31 - 2017-04-27 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-04-27 11:31 - 2017-04-27 11:31 - 00000000 ____D C:\Program Files\Speccy
2017-04-27 11:19 - 2017-04-27 11:19 - 00034784 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-04-27 11:04 - 2017-04-27 11:04 - 00018024 _____ C:\VEW.txt
2017-04-26 20:02 - 2017-04-27 11:00 - 00057681 _____ C:\junk.txt
2017-04-26 18:04 - 2017-04-26 18:04 - 00000046 _____ C:\Users\hope\Desktop\window keys.txt
2017-04-26 14:48 - 2017-04-26 14:48 - 00000000 ____D C:\WINDOWS\Panther
2017-04-26 13:29 - 2017-04-26 13:29 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2017-04-26 12:15 - 2017-04-27 12:18 - 00000000 ____D C:\FRST
2017-04-26 11:57 - 2017-04-26 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\hope\Downloads\HijackThis.exe
2017-04-26 11:24 - 2017-04-26 11:24 - 00000000 ____D C:\Users\hope\AppData\Local\AdAwareUpdater
2017-04-26 11:23 - 2017-04-26 11:23 - 02558896 _____ C:\Users\hope\Downloads\Adaware_Installer.exe
2017-04-26 11:18 - 2017-04-26 11:18 - 03449296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\hope\Downloads\Antivirus_Free_1892.exe
2017-04-26 11:18 - 2017-04-26 11:18 - 00000000 ____D C:\ProgramData\adaware
2017-04-21 22:06 - 2017-04-26 09:49 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForhope.job
2017-04-16 20:28 - 2017-04-01 19:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-16 20:28 - 2017-04-01 19:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-13 21:59 - 2017-03-28 08:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-13 21:59 - 2017-03-28 08:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-13 21:59 - 2017-03-28 07:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-13 21:59 - 2017-03-28 07:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-13 21:59 - 2017-03-28 07:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-13 21:59 - 2017-03-28 07:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-13 21:59 - 2017-03-28 07:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-13 21:59 - 2017-03-28 07:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-13 21:59 - 2017-03-28 07:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-13 21:59 - 2017-03-28 07:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-13 21:59 - 2017-03-28 07:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-13 21:59 - 2017-03-28 07:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-13 21:59 - 2017-03-28 07:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-13 21:59 - 2017-03-28 06:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-13 21:59 - 2017-03-28 06:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-13 21:59 - 2017-03-28 06:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-13 21:59 - 2017-03-28 06:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-13 21:59 - 2017-03-28 06:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-13 21:59 - 2017-03-28 06:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-13 21:59 - 2017-03-28 06:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-13 21:59 - 2017-03-28 06:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-13 21:59 - 2017-03-28 06:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-13 21:59 - 2017-03-28 06:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-13 21:59 - 2017-03-28 06:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-13 21:59 - 2017-03-28 06:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-13 21:59 - 2017-03-28 06:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-13 21:59 - 2017-03-28 06:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-13 21:59 - 2017-03-28 06:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-13 21:59 - 2017-03-28 06:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-13 21:59 - 2017-03-28 06:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-13 21:59 - 2017-03-28 06:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-13 21:59 - 2017-03-28 06:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-13 21:59 - 2017-03-28 06:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-13 21:59 - 2017-03-28 06:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-13 21:59 - 2017-03-28 06:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-13 21:59 - 2017-03-28 06:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-13 21:59 - 2017-03-28 06:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-13 21:59 - 2017-03-28 06:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-13 21:59 - 2017-03-28 06:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-13 21:59 - 2017-03-28 06:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-13 21:59 - 2017-03-28 06:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-13 21:59 - 2017-03-28 06:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-13 21:59 - 2017-03-28 06:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-13 21:59 - 2017-03-28 06:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-13 21:59 - 2017-03-28 06:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-13 21:59 - 2017-03-28 06:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-13 21:59 - 2017-03-28 06:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-13 21:59 - 2017-03-28 06:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-13 21:59 - 2017-03-28 06:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-13 21:59 - 2017-03-28 06:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-13 21:59 - 2017-03-28 06:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-13 21:59 - 2017-03-28 06:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-13 21:59 - 2017-03-28 06:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-13 21:59 - 2017-03-28 06:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-13 21:59 - 2017-03-28 06:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-13 21:59 - 2017-03-28 06:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-13 21:59 - 2017-03-28 06:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-13 21:59 - 2017-03-28 06:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-13 21:59 - 2017-03-28 06:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-13 21:59 - 2017-03-28 06:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-13 21:59 - 2017-03-28 06:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-13 21:59 - 2017-03-28 06:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-13 21:59 - 2017-03-28 06:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-13 21:59 - 2017-03-28 06:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-13 21:59 - 2017-03-28 06:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-13 21:59 - 2017-03-28 06:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-13 21:59 - 2017-03-28 06:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-13 21:59 - 2017-03-28 06:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-13 21:59 - 2017-03-28 06:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-13 21:59 - 2017-03-28 06:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-13 21:59 - 2017-03-28 06:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-13 21:59 - 2017-03-28 06:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-13 21:59 - 2017-03-28 06:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-13 21:59 - 2017-03-28 06:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-13 21:59 - 2017-03-28 06:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-13 21:59 - 2017-03-28 06:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-13 21:59 - 2017-03-28 06:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-13 21:59 - 2017-03-28 06:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-13 21:59 - 2017-03-28 06:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-13 21:59 - 2017-03-28 06:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-13 21:59 - 2017-03-28 06:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-13 21:59 - 2017-03-28 06:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-13 21:59 - 2017-03-28 06:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-13 21:59 - 2017-03-28 06:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-13 21:59 - 2017-03-28 06:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-13 21:59 - 2017-03-28 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-13 21:59 - 2017-03-28 05:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-13 21:59 - 2017-03-16 05:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-13 21:58 - 2017-03-28 07:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-13 21:58 - 2017-03-28 07:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-13 21:58 - 2017-03-28 07:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-13 21:58 - 2017-03-28 07:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-13 21:58 - 2017-03-28 07:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-13 21:58 - 2017-03-28 07:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-13 21:58 - 2017-03-28 07:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-13 21:58 - 2017-03-28 07:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-13 21:58 - 2017-03-28 07:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-13 21:58 - 2017-03-28 07:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-13 21:58 - 2017-03-28 07:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-13 21:58 - 2017-03-28 07:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-13 21:58 - 2017-03-28 07:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-13 21:58 - 2017-03-28 07:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-13 21:58 - 2017-03-28 07:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-13 21:58 - 2017-03-28 07:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-13 21:58 - 2017-03-28 07:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-13 21:58 - 2017-03-28 07:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-13 21:58 - 2017-03-28 07:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-13 21:58 - 2017-03-28 07:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-13 21:58 - 2017-03-28 07:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-13 21:58 - 2017-03-28 07:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-13 21:58 - 2017-03-28 07:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-13 21:58 - 2017-03-28 07:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-13 21:58 - 2017-03-28 07:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-13 21:58 - 2017-03-28 06:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-13 21:58 - 2017-03-28 06:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-13 21:58 - 2017-03-28 06:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-13 21:58 - 2017-03-28 06:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-13 21:58 - 2017-03-28 06:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-13 21:58 - 2017-03-28 06:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-13 21:58 - 2017-03-28 06:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-13 21:58 - 2017-03-28 06:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-13 21:58 - 2017-03-28 06:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-13 21:58 - 2017-03-28 06:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-13 21:58 - 2017-03-28 06:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 21:58 - 2017-03-28 06:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-13 21:58 - 2017-03-28 06:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-13 21:58 - 2017-03-28 06:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-13 21:58 - 2017-03-28 06:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-13 21:58 - 2017-03-28 06:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-13 21:58 - 2017-03-28 06:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 21:58 - 2017-03-28 06:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-13 21:58 - 2017-03-28 06:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-13 21:58 - 2017-03-28 06:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-13 21:58 - 2017-03-28 06:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-13 21:58 - 2017-03-28 06:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-13 21:58 - 2017-03-28 06:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-13 21:58 - 2017-03-28 06:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-13 21:58 - 2017-03-28 06:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-13 21:58 - 2017-03-28 06:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-13 21:58 - 2017-03-28 06:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-13 21:58 - 2017-03-28 06:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-13 21:58 - 2017-03-28 06:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-13 21:58 - 2017-03-28 06:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-13 21:58 - 2017-03-28 06:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-13 21:58 - 2017-03-28 06:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-13 21:58 - 2017-03-28 06:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-13 21:58 - 2017-03-28 06:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-13 21:58 - 2017-03-28 06:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-13 21:58 - 2017-03-28 06:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-13 21:58 - 2017-03-28 06:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-13 21:58 - 2017-03-28 06:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-13 21:58 - 2017-03-28 06:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-13 21:58 - 2017-03-28 06:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-13 21:58 - 2017-03-28 06:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-13 21:58 - 2017-03-28 06:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-13 21:58 - 2017-03-28 06:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-13 21:58 - 2017-03-28 06:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-13 21:58 - 2017-03-28 06:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-13 21:58 - 2017-03-28 06:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-13 21:58 - 2017-03-28 06:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-13 21:58 - 2017-03-28 06:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-13 21:58 - 2017-03-28 06:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-13 21:58 - 2017-03-28 06:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-13 21:58 - 2017-03-28 06:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-13 21:58 - 2017-03-28 06:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-13 21:58 - 2017-03-28 06:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-13 21:58 - 2017-03-28 06:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-13 21:58 - 2017-03-28 06:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-13 21:58 - 2017-03-28 06:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-13 21:58 - 2017-03-28 06:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-13 21:58 - 2017-03-28 06:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-13 21:58 - 2017-03-28 06:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-13 21:57 - 2017-03-28 07:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-13 21:57 - 2017-03-28 07:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-13 21:57 - 2017-03-28 07:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-13 21:57 - 2017-03-28 07:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-13 21:57 - 2017-03-28 07:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-13 21:57 - 2017-03-28 07:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-13 21:57 - 2017-03-28 07:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-13 21:57 - 2017-03-28 07:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-13 21:57 - 2017-03-28 07:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-13 21:57 - 2017-03-28 07:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-13 21:57 - 2017-03-28 07:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-13 21:57 - 2017-03-28 07:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-13 21:57 - 2017-03-28 07:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-13 21:57 - 2017-03-28 07:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-13 21:57 - 2017-03-28 06:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-13 21:57 - 2017-03-28 06:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-13 21:57 - 2017-03-28 06:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-13 21:57 - 2017-03-28 06:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-13 21:57 - 2017-03-28 06:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-13 21:57 - 2017-03-28 06:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-13 21:57 - 2017-03-28 06:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-13 21:57 - 2017-03-28 06:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-13 21:57 - 2017-03-28 06:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-13 21:57 - 2017-03-28 06:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-13 21:57 - 2017-03-28 06:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-13 21:57 - 2017-03-28 06:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-13 21:57 - 2017-03-28 06:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-13 21:57 - 2017-03-28 06:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-13 21:57 - 2017-03-28 06:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-13 21:57 - 2017-03-28 06:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-13 21:57 - 2017-03-28 06:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-13 21:57 - 2017-03-28 06:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-13 21:57 - 2017-03-28 06:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-13 21:57 - 2017-03-28 06:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-13 21:57 - 2017-03-28 06:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-13 21:57 - 2017-03-28 06:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-13 21:57 - 2017-03-28 06:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-13 21:57 - 2017-03-28 06:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-13 21:57 - 2017-03-28 06:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-13 21:57 - 2017-03-28 06:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-13 21:57 - 2017-03-28 06:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-13 21:57 - 2017-03-28 06:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-13 21:57 - 2017-03-28 06:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-13 21:57 - 2017-03-28 06:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-13 21:57 - 2017-03-28 06:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-13 21:57 - 2017-03-28 06:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-13 21:57 - 2017-03-28 06:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-13 21:57 - 2017-03-28 06:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-13 21:57 - 2017-03-28 06:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-13 21:57 - 2017-03-28 06:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-13 21:57 - 2017-03-28 06:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-13 21:57 - 2017-03-28 06:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-13 21:57 - 2017-03-28 06:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-13 21:57 - 2017-03-28 06:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-13 21:57 - 2017-03-28 06:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-13 21:57 - 2017-03-28 06:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-13 21:57 - 2017-03-28 06:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-13 21:57 - 2017-03-28 06:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-13 21:57 - 2017-03-28 06:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-13 21:57 - 2017-03-28 06:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-13 21:57 - 2017-03-28 06:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-13 21:57 - 2017-03-28 06:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-13 21:57 - 2017-03-28 06:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-13 21:57 - 2017-03-28 06:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-13 21:57 - 2017-03-28 06:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-13 21:57 - 2017-03-28 06:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-13 21:57 - 2017-03-28 06:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-13 21:57 - 2017-03-28 06:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-13 21:57 - 2017-03-28 06:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-13 21:57 - 2017-03-28 06:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-13 21:57 - 2017-03-28 06:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-13 21:57 - 2017-03-28 06:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-13 21:57 - 2017-03-18 17:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-13 21:57 - 2017-03-18 17:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-13 21:57 - 2017-03-16 05:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-06 11:03 - 2017-04-06 12:18 - 00000000 ____D C:\Users\hope\Desktop\TMA06 Useful
2017-03-29 12:20 - 2017-03-29 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-03-29 12:17 - 2017-03-29 12:17 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-29 12:17 - 2017-03-29 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-29 12:16 - 2017-03-29 12:17 - 00000000 ____D C:\Program Files\iTunes
2017-03-29 12:16 - 2017-03-29 12:16 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-27 11:42 - 2013-08-08 21:27 - 00000000 ____D C:\Users\hope\AppData\Local\CrashDumps
2017-04-27 11:11 - 2013-06-24 20:14 - 00000000 ____D C:\Users\hope\AppData\Local\VirtualStore
2017-04-27 11:04 - 2016-11-02 12:30 - 00000000 ____D C:\ProgramData\Oracle
2017-04-27 11:04 - 2016-11-02 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-27 11:04 - 2016-11-02 12:30 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-27 11:03 - 2016-11-02 12:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-04-27 11:00 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-27 11:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-27 10:57 - 2016-09-25 12:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-27 07:13 - 2014-11-17 17:45 - 00000000 ___RD C:\Users\hope\iCloudDrive
2017-04-27 07:12 - 2016-04-29 16:03 - 00000000 __SHD C:\Users\hope\IntelGraphicsProfiles
2017-04-27 05:19 - 2017-02-26 18:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-04-27 00:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-27 00:00 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-26 23:38 - 2016-09-25 13:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-26 20:03 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-26 20:01 - 2016-09-25 13:03 - 01361258 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-26 17:59 - 2016-09-25 13:57 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DFDA9706-9189-4B15-8EFC-3A4F26AD6E23}
2017-04-26 17:55 - 2016-09-14 10:46 - 00002369 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-04-26 15:01 - 2016-09-02 11:09 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-26 15:01 - 2016-09-02 11:08 - 00000000 ____D C:\Users\hope\AppData\Local\AvgSetupLog
2017-04-26 15:01 - 2016-09-02 11:08 - 00000000 ____D C:\ProgramData\Avg
2017-04-26 14:55 - 2017-01-27 10:57 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-26 14:54 - 2015-01-21 17:13 - 00000000 ____D C:\Users\hope\AppData\Roaming\HpUpdate
2017-04-26 14:53 - 2016-04-29 16:23 - 00002394 _____ C:\Users\hope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-26 14:53 - 2014-05-21 18:02 - 00000000 __RDO C:\Users\hope\SkyDrive
2017-04-26 14:51 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-26 14:47 - 2016-04-29 16:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-26 13:29 - 2017-01-16 17:12 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-26 13:29 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-26 13:29 - 2013-06-25 21:20 - 00000000 ____D C:\Users\hope\AppData\Roaming\hpqlog
2017-04-26 13:29 - 2013-06-24 22:02 - 00000000 ____D C:\Users\hope\Documents\Youcam
2017-04-26 13:29 - 2012-09-11 18:29 - 00000000 ____D C:\ProgramData\Temp
2017-04-26 12:35 - 2016-04-29 16:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-26 12:35 - 2016-03-26 21:01 - 00000620 _____ C:\WINDOWS\wininit.ini
2017-04-26 11:28 - 2016-09-02 11:14 - 00000000 ____D C:\Users\hope\AppData\Roaming\AVG
2017-04-23 11:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-23 11:23 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-22 21:12 - 2013-06-24 20:14 - 00000000 ____D C:\Users\hope\AppData\Local\Packages
2017-04-21 21:57 - 2016-10-04 13:58 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-21 21:56 - 2016-10-04 13:57 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-16 20:55 - 2015-10-11 17:25 - 00433768 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2017-04-16 20:55 - 2015-10-11 17:25 - 00353384 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2017-04-16 20:44 - 2016-02-13 18:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 20:25 - 2016-09-25 12:55 - 00357608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 20:25 - 2016-05-02 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-16 20:25 - 2016-05-02 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-16 20:22 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-16 20:22 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-15 23:17 - 2013-08-18 22:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-15 23:13 - 2016-05-02 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-15 23:13 - 2013-07-02 22:06 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-15 23:09 - 2017-03-10 14:43 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001UA
2017-04-15 23:09 - 2017-03-10 14:43 - 00003402 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570208440-388758986-1359718189-1001Core
2017-03-29 14:03 - 2016-11-04 13:08 - 00000000 ____D C:\Users\hope\AppData\Local\DDB3242D-A786-4195-9B35-31C71003A3D3.aplzod
2017-03-29 12:21 - 2016-09-25 13:02 - 01312088 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-03-28 07:20 - 2016-09-25 12:58 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories =======

2016-04-28 15:47 - 2016-04-30 11:47 - 0000103 _____ () C:\Users\hope\AppData\Roaming\WB.CFG
2015-01-21 17:11 - 2015-01-21 17:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-29 00:24 - 2012-12-29 00:24 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt

Some files in TEMP:
====================
2017-04-27 11:02 - 2017-04-27 11:02 - 0739904 _____ (Oracle Corporation) C:\Users\hope\AppData\Local\Temp\jre-8u131-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-25 11:48

==================== End of FRST.txt ============================


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,725 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST


 

Run FRST and press Fix
A fix log will be generated please post that
 

After letting FRST Fix things, see if you can now uninstall

ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.)

I don't see it active so it's no big deal if it doesn't want to uninstall.

 

 

Download the Kaspersky Removal Tool:

 

https://support.kasp...?el=1464#block1

 

The download is hidden under

How to use the tool 

Click on the plus sign to the right and it will show the download and explain how to unzip it and run it

 

Reboot if the tool doesn't do it for you

 

 

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

How is it running now?

As your drive may be failing I would save any data you don't want to lose.

For what it is worth, changing out a drive is not difficult.  The only tool required is a small Phillips screwdriver.  On a laptop you also need a USB to SATA adapter.  Amazon carries them in the US for ~ $12. 


StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable
 

 

then you need a new drive at least as big as what you have now:

 

Hitachi HTS541075A9E680
                    Manufacturer    Hitachi
                    Product Family    Travelstar
                    Series Prefix    Standard
                    Model Capacity For This Specific Drive    750GB
                    ...
                    SATA type    SATA-II 3.0Gb/s

 

 

 

Avoid Seagate drives.  They do not last.  I prefer Western Digital Blacks.  They have a longer warranty and they are normally error free.  They do cost a bit more

This one would work:

WD Black 750GB Performance Mobile Hard Disk Drive - 7200 RPM SATA 6 Gb/s 16MB Cache 9.5 MM 2.5 Inch - WD7500BPKX

It's on Amazon US for ~$57

The blue version

WD Blue 750GB Mobile Hard Disk Drive - 5400 RPM SATA 6 Gb/s 9.5 MM 2.5 Inch - WD7500BPVX
is $49

 

Once you have the parts then you need a cloning program:

http://www.backup-ut...e-software.html

Download and install it.

 

Plug the adapter into a USB drive.  Then once Windows detects it go into Disk Management and set the drive up as GPT (not MBR)

(I like to also check it's S.M.A.R.T. attributes with Speccy to make sure it's error free.  It's rare to get a bad drive but it does happen.)

Run AOMEI and make sure you are clear on which is the source and which is the destination and in a few hours it will finish. 

Go back into Disk Management and verify that both drives now look the same as far as partitions go.  Shut it down and swap the drive out. 

 

It should boot up with the new drive.  IF for some reason it doesn't you can reswap the drives and try again.


  • 0

#8
o0hope0o

o0hope0o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi

 

Ive managed to unistall Zone alarm.  What do you need me to do with the Kaspersky remover?

 

Cheers


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,725 posts
  • MVP

I need you to run it per the instructions on the Kaspersky page.  (There is a line: 

How to use the tool

 

with a + on the right.  Click on the + and it will open up with instructions.  Follow the instruction to remove the last vestiges of Kaspersky.  These are shown in your FRST log under Drivers:

 
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
S3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)

 

 

 

 

 

I could have tried to remove them with the fixlist but some anti-virus products resist being removed so think it's smarter to let Kaspersky remove their own stuff.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP