Jump to content

TROJAN DOS ALLUREON E


Recommended Posts

Yeah title says it all. As soon as I updated my PC to windows 10 I was infected by ALLUREON E. I followed the pre post directions and ran both Malware bytes and Farbar Recovery Scan Tool. Please see below for logs and much thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Aaron (administrator) on AARON-PC (11-05-2016 23:37:29)
Running from C:\Users\Aaron\Downloads
Loaded Profiles: Aaron &  (Available Profiles: Aaron)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Koninklijke Philips Electronics N.V.) C:\Users\Aaron\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Aaron\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\Run: [ALconnect] => C:\Users\Aaron\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [713816 2012-12-20] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\Run: [Facebook Update] => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-30] (Facebook Inc.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Aaron\AppData\Local\Temp\sirhqnx\smdnpiw\wow64.dll ATTENTION
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ALconnect] => C:\Users\Aaron\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [713816 2012-12-20] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-30] (Facebook Inc.)
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-11-02]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-02-15]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-02-15]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-02-15]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-01]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-01]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9ae2511b-ae25-41c1-a4d7-f55abc64df15}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pathway.org/
HKU\S-1-5-21-854172316-4246786990-4095734625-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pathway.org/
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {43A9209C-5C91-4930-9037-E8BF882E60F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {43A9209C-5C91-4930-9037-E8BF882E60F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {646B961D-4924-4579-B085-01F0766E0F0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {646B961D-4924-4579-B085-01F0766E0F0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-854172316-4246786990-4095734625-1001 -> DefaultScope {43A9209C-5C91-4930-9037-E8BF882E60F6} URL = 
SearchScopes: HKU\S-1-5-21-854172316-4246786990-4095734625-1001 -> {43A9209C-5C91-4930-9037-E8BF882E60F6} URL = 
SearchScopes: HKU\S-1-5-21-854172316-4246786990-4095734625-1001 -> {646B961D-4924-4579-B085-01F0766E0F0E} URL = 
SearchScopes: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {43A9209C-5C91-4930-9037-E8BF882E60F6} URL = 
SearchScopes: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {43A9209C-5C91-4930-9037-E8BF882E60F6} URL = 
SearchScopes: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {646B961D-4924-4579-B085-01F0766E0F0E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-01] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-14] (Oracle Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-14] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-854172316-4246786990-4095734625-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-12-01] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-14] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-04] (Logitech Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\.DEFAULT: extendedreach.com/eRPluginDetector -> C:\Program Files (x86)\extendedReach\extendedReach Plugin\npeRPluginDetector.dll [2015-07-19] (Cadence Solutions)
FF Plugin HKU\S-1-5-21-854172316-4246786990-4095734625-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-854172316-4246786990-4095734625-1001: extendedreach.com/eRPluginDetector -> C:\Program Files (x86)\extendedReach\extendedReach Plugin\npeRPluginDetector.dll [2015-07-19] (Cadence Solutions)
FF Plugin HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: extendedreach.com/eRPluginDetector -> C:\Program Files (x86)\extendedReach\extendedReach Plugin\npeRPluginDetector.dll [2015-07-19] (Cadence Solutions)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC)

Chrome: 
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Manipulate DOM) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgcfcklmbpcokohiinoemfggmpmmolfh [2014-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911464 2016-04-29] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202288 2016-04-28] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 23:37 - 2016-05-11 23:37 - 00024214 _____ C:\Users\Aaron\Downloads\FRST.txt
2016-05-11 23:37 - 2016-05-11 23:37 - 00000000 ____D C:\FRST
2016-05-11 23:36 - 2016-05-11 23:37 - 02381312 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64 (1).exe
2016-05-11 23:36 - 2016-05-11 23:36 - 02381312 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2016-05-11 22:03 - 2016-05-11 22:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-11 22:02 - 2016-05-11 22:02 - 00137714 _____ C:\WINDOWS\ntbtlog.txt
2016-05-11 21:30 - 2016-05-11 21:30 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Oracle
2016-05-11 07:52 - 2016-05-11 07:52 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 07:51 - 2016-05-11 07:51 - 00000000 ____D C:\Users\Aaron\AppData\Local\MicrosoftEdge
2016-05-11 07:34 - 2016-04-22 02:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-05-11 07:30 - 2016-05-11 07:30 - 00000000 ____D C:\Users\Aaron\AppData\Local\NetworkTiles
2016-05-09 21:16 - 2016-05-09 21:17 - 00987728 _____ (Google Inc.) C:\Users\Aaron\Downloads\ChromeSetup.exe
2016-05-09 21:08 - 2016-05-09 21:08 - 00000000 ____D C:\Users\Aaron\AppData\Local\Comms
2016-05-09 20:37 - 2016-05-09 20:37 - 00000000 ____D C:\Users\Aaron\AppData\Local\ActiveSync
2016-05-09 20:35 - 2016-05-09 20:35 - 00000000 ____D C:\Users\Aaron\AppData\Local\Publishers
2016-05-09 20:34 - 2016-05-09 21:10 - 00000000 ____D C:\Users\Aaron\AppData\Local\Packages
2016-05-09 20:34 - 2016-05-09 20:34 - 00000020 ___SH C:\Users\Aaron\ntuser.ini
2016-05-09 20:34 - 2016-05-09 20:34 - 00000000 ____D C:\Users\Aaron\AppData\Local\TileDataLayer
2016-05-09 16:53 - 2016-05-09 20:34 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-09 16:50 - 2016-05-09 16:50 - 00000000 ____D C:\Windows.old
2016-05-09 16:47 - 2016-05-09 16:47 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-09 16:47 - 2016-05-09 16:47 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-09 16:47 - 2016-05-09 16:47 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-05-09 16:47 - 2016-05-09 16:47 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-05-09 16:47 - 2016-05-09 16:47 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-05-09 16:47 - 2016-05-09 16:47 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-09 16:47 - 2016-05-09 16:47 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-05-09 16:47 - 2016-05-09 16:47 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-05-09 16:47 - 2016-05-09 16:47 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-05-09 16:47 - 2016-05-09 16:47 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-05-09 16:47 - 2016-05-09 16:47 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-05-09 16:47 - 2016-05-09 16:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-05-09 16:47 - 2016-05-09 16:47 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-05-09 16:47 - 2016-05-09 16:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-05-09 16:47 - 2016-05-09 16:47 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-05-09 16:41 - 2016-05-09 16:41 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\Program Files\MSBuild
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-09 16:37 - 2016-05-09 16:37 - 00000000 ____D C:\inetpub
2016-05-09 16:36 - 2016-05-09 16:36 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-05-09 16:36 - 2016-05-09 16:36 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-05-09 16:36 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-05-09 16:36 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-05-09 16:36 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-05-09 16:36 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-05-09 16:36 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-05-09 16:36 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default\My Documents
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-05-09 14:23 - 2016-05-09 14:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-05-09 14:21 - 2016-05-09 14:21 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-05-09 14:11 - 2016-05-11 23:11 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-05-09 14:11 - 2016-05-11 23:11 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-05-09 14:11 - 2016-05-09 14:11 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-09 14:11 - 2016-05-09 14:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-05-09 14:11 - 2016-05-09 14:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-05-09 14:04 - 2016-05-09 14:04 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-05-09 14:01 - 2016-05-09 20:34 - 00000000 ____D C:\Users\Aaron
2016-05-09 14:01 - 2016-05-09 14:01 - 00000000 _SHDL C:\Users\Aaron\My Documents
2016-05-09 14:01 - 2016-05-09 14:01 - 00000000 _SHDL C:\Users\Aaron\Documents\My Videos
2016-05-09 14:01 - 2016-05-09 14:01 - 00000000 _SHDL C:\Users\Aaron\Documents\My Pictures
2016-05-09 14:01 - 2016-05-09 14:01 - 00000000 _SHDL C:\Users\Aaron\Documents\My Music
2016-05-09 14:00 - 2016-05-11 23:15 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-09 14:00 - 2016-05-09 14:00 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-05-09 13:58 - 2016-05-11 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-05-09 13:58 - 2016-05-09 13:58 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-05-09 13:58 - 2016-05-09 13:58 - 00000000 ____D C:\Program Files\Realtek
2016-05-09 13:57 - 2016-05-09 13:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-05-09 13:57 - 2016-05-09 13:57 - 00000000 ____D C:\Program Files\Synaptics
2016-05-09 12:51 - 2016-05-09 14:23 - 00010449 _____ C:\WINDOWS\diagerr.xml
2016-05-09 12:51 - 2016-05-09 14:23 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-05-02 06:56 - 2016-05-02 06:56 - 01061888 _____ C:\Users\Aaron\Downloads\ExtendedReachSetup (2).msi
2016-05-02 00:24 - 2016-05-09 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-05-02 00:24 - 2016-05-02 00:24 - 00002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-05-02 00:24 - 2016-05-02 00:24 - 00002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-05-02 00:24 - 2016-05-02 00:24 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-05-02 00:24 - 2016-05-02 00:24 - 00002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-05-02 00:23 - 2016-05-02 00:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-01 22:19 - 2016-05-01 22:19 - 03300032 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\Setup.X86.en-US_HomeStudentRetail_f7ea3f62-0629-4b8e-902f-cff9ea73630b_TX_PR_ (2).exe
2016-05-01 22:07 - 2016-05-01 22:07 - 03300032 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\Setup.X86.en-US_HomeStudentRetail_f7ea3f62-0629-4b8e-902f-cff9ea73630b_TX_PR_ (1).exe
2016-05-01 21:17 - 2016-05-01 21:17 - 03300032 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\Setup.X86.en-US_HomeStudentRetail_f7ea3f62-0629-4b8e-902f-cff9ea73630b_TX_PR_.exe
2016-05-01 21:05 - 2016-05-09 21:24 - 00000000 ____D C:\Users\Aaron\Documents\ExtendedReach
2016-05-01 21:05 - 2016-05-01 21:05 - 01061888 _____ C:\Users\Aaron\Downloads\ExtendedReachSetup (1).msi
2016-05-01 21:04 - 2016-05-01 21:04 - 00000000 ____D C:\Program Files (x86)\extendedReach
2016-05-01 21:02 - 2016-05-01 21:02 - 01061888 _____ C:\Users\Aaron\Downloads\ExtendedReachSetup.msi
2016-04-24 18:04 - 2016-04-24 18:04 - 00635120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2016-04-24 18:04 - 2016-04-24 18:04 - 00390408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2016-04-24 18:04 - 2016-04-24 18:04 - 00333080 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2016-04-24 18:04 - 2016-04-24 18:04 - 00088816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2016-04-24 16:01 - 2016-04-24 16:01 - 00439536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2016-04-24 16:01 - 2016-04-24 16:01 - 00267016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2016-04-24 16:01 - 2016-04-24 16:01 - 00243480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2016-04-24 16:01 - 2016-04-24 16:01 - 00085232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2016-04-13 09:25 - 2016-03-30 19:11 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2016-04-13 09:25 - 2016-03-30 18:42 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2016-04-13 09:25 - 2016-03-30 18:22 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 23:41 - 2014-05-09 14:45 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6bbf336eb5c8.job
2016-05-11 23:39 - 2012-06-08 15:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-11 23:31 - 2015-08-07 13:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-11 23:15 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 23:13 - 2014-09-30 23:08 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001UA.job
2016-05-11 23:13 - 2014-09-30 23:08 - 00000906 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001Core.job
2016-05-11 23:13 - 2013-02-17 22:42 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 23:12 - 2010-12-01 20:08 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-05-11 22:52 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-11 22:52 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-11 07:54 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 07:52 - 2015-07-16 15:36 - 00004012 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0c00713558a05
2016-05-11 07:52 - 2015-07-16 15:36 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c00713558a05.job
2016-05-11 07:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-05-09 21:33 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-09 21:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-09 21:23 - 2013-02-17 22:47 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-09 21:23 - 2013-02-17 22:47 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-09 20:49 - 2015-08-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-09 20:49 - 2015-08-07 13:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-09 20:49 - 2013-09-17 12:31 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-09 20:34 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-09 16:53 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-05-09 16:49 - 2016-02-13 08:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-05-09 16:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-05-09 16:49 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-05-09 16:49 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-05-09 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-05-09 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-09 16:37 - 2015-10-30 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-05-09 16:37 - 2015-10-30 02:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-05-09 16:37 - 2015-10-30 02:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-05-09 16:37 - 2015-10-30 02:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-05-09 16:37 - 2015-10-30 02:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-05-09 16:37 - 2015-10-30 02:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-05-09 16:37 - 2015-10-30 02:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-05-09 16:37 - 2015-10-30 02:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-05-09 16:37 - 2015-10-30 02:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-05-09 16:37 - 2015-10-30 02:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-05-09 16:37 - 2015-10-30 02:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-05-09 16:37 - 2015-10-30 02:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-05-09 16:37 - 2015-10-30 02:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-05-09 16:37 - 2015-10-30 02:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-05-09 16:37 - 2015-10-30 02:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-05-09 16:37 - 2015-10-30 02:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-05-09 16:37 - 2015-10-30 02:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-05-09 14:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-09 14:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-05-09 14:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2016-05-09 14:22 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2016-05-09 14:22 - 2014-09-30 23:08 - 00004014 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001UA
2016-05-09 14:22 - 2014-09-30 23:08 - 00003646 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001Core
2016-05-09 14:22 - 2014-05-09 14:45 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf6bbf336eb5c8
2016-05-09 14:22 - 2013-10-08 13:05 - 00003530 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-05-09 14:22 - 2013-06-23 16:10 - 00003250 _____ C:\WINDOWS\System32\Tasks\{48160DFE-BD59-4957-873B-8DF9C22F874E}
2016-05-09 14:22 - 2012-06-08 15:13 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-09 14:22 - 2010-12-01 19:45 - 00003382 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2016-05-09 14:21 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-05-09 14:14 - 2016-02-13 08:11 - 00356632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-09 14:12 - 2016-02-15 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-05-09 14:12 - 2016-01-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-09 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-05-09 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-05-09 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-05-09 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-05-09 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-09 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\Services
2016-05-09 14:12 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-09 14:12 - 2013-11-14 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-09 14:12 - 2013-08-24 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mayer-Johnson
2016-05-09 14:12 - 2013-04-20 15:53 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ActiveLink Connect
2016-05-09 14:12 - 2013-03-15 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-05-09 14:12 - 2013-02-08 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-09 14:12 - 2011-11-03 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ UNDELETE 7
2016-05-09 14:12 - 2011-11-02 16:22 - 00000000 ____D C:\WINDOWS\SysWOW64\oem
2016-05-09 14:12 - 2010-12-01 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
2016-05-09 14:12 - 2010-12-01 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2016-05-09 14:12 - 2010-12-01 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2016-05-09 14:12 - 2010-12-01 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2016-05-09 14:12 - 2010-12-01 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-05-09 14:12 - 2010-12-01 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-05-09 14:12 - 2010-12-01 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Software
2016-05-09 14:12 - 2010-12-01 19:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-05-09 14:12 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-09 14:11 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default.migrated
2016-05-09 14:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-05-09 14:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-05-09 14:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-09 14:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-09 14:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-05-09 14:07 - 2014-01-28 14:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-09 14:07 - 2013-03-21 09:26 - 00000000 ____D C:\WINDOWS\system32\SPReview
2016-05-09 14:07 - 2013-03-21 09:24 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2016-05-09 14:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\schemas
2016-05-09 14:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-09 14:04 - 2015-10-30 02:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-05-09 14:04 - 2015-10-30 02:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-05-09 14:04 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-09 14:04 - 2015-04-15 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-09 14:04 - 2014-10-12 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lakeshore Learning Materials
2016-05-09 14:04 - 2011-11-04 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-05-09 14:04 - 2010-12-01 20:00 - 00000000 ____D C:\ProgramData\McAfee
2016-05-09 14:04 - 2010-12-01 19:43 - 00000000 ____D C:\Program Files\WIDCOMM
2016-05-09 14:04 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-05-09 14:04 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-05-09 14:00 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-09 12:54 - 2009-07-13 23:45 - 00022464 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-09 12:54 - 2009-07-13 23:45 - 00022464 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-09 12:52 - 2016-02-13 09:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-09 07:16 - 2010-12-01 20:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-13 09:23 - 2014-01-28 14:45 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-07-16 08:38 - 2015-07-16 08:38 - 6420480 _____ () C:\Program Files (x86)\GUTCB99.tmp
2012-02-16 23:25 - 2012-02-16 23:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-09 13:54

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Aaron (2016-05-11 23:42:14)
Running from C:\Users\Aaron\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-10 01:34:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Aaron (S-1-5-21-854172316-4246786990-4095734625-1001 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-854172316-4246786990-4095734625-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-854172316-4246786990-4095734625-503 - Limited - Disabled)
Guest (S-1-5-21-854172316-4246786990-4095734625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-854172316-4246786990-4095734625-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active@ UNDELETE (HKLM-x32\...\{64B408B8-068B-4EE0-B16C-658A24E75B8B}) (Version: 7.4.14 - Active Data Recovery Software)
Active@ UNDELETE 7 (HKLM-x32\...\Active@ UNDELETE 7) (Version: 7.4 - LSoft Technologies Inc)
ActiveLink Connect (HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\ActiveLink Connect) (Version: 5.6.0.16645 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ActiveLink Connect) (Version: 5.6.0.16645 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (x32 Version: 5.6.0.16645 - Koninklijke Philips Electronics N.V.) Hidden
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Alphabet Interactive Games (HKLM-x32\...\Alphabet Interactive Games) (Version: 1.5.3.0 - Lakeshore Learning Materials)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Avery Template (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000005}) (Version: 2.0.0.0 - Avery)
Boardmaker version 5 (HKLM-x32\...\Boardmaker version 5) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catch-To-Learn Number Recognition Interactive Games (HKLM-x32\...\Catch-To-Learn Number Recognition Interactive Games) (Version: 1.5.0.0 - Lakeshore Learning Materials)
Circle Time Interactive Activity Center (HKLM-x32\...\Circle Time Interactive Activity Center) (Version: 1.5.0.0 - Lakeshore Learning Materials)
Cisco WebEx Meetings (HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
extendedReach Plugin (HKLM-x32\...\{8642AE49-169B-4BDF-9A8B-1EEF1D78BC1C}) (Version: 1.0.8 - extendedReach)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.6868.2060 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Phonemic Awareness Interactive Games (HKLM-x32\...\Phonemic Awareness Interactive Games) (Version: 1.5.3.0 - Lakeshore Learning Materials)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shapes Adventures Interactive Activities (HKLM-x32\...\Shapes Adventures Interactive Activities) (Version: 1.6.3.0 - Lakeshore Learning Materials)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Temp\sirhqnx\smdnpiw\wow64.dll => No File
CustomCLSID: HKU\S-1-5-21-854172316-4246786990-4095734625-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854172316-4246786990-4095734625-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Temp\sirhqnx\smdnpiw\wow64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0273952C-805D-4DED-9FEF-48CAFCC7FC5B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {03B6779C-8D13-412E-89BE-8D8B3C7FF554} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {03EB5380-FFB9-4907-B67A-20B2A76E11CF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {04A1AAF8-B544-4B79-9062-74B33C5A81C2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {0C98FD11-D7C1-4E4C-A33F-C3915C52FCD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0E96AA45-1330-4CBE-A65F-1F4670FB9A6A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1216BADC-B859-43E7-9D52-EC8CC7035550} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {17C504F8-2977-4401-8BDC-47DDBEF520D5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {1916C534-55AF-499F-BA1A-B6131AB3036F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {26F88060-9208-464B-B9DC-D953FEEA591B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {33C72FB5-FD3F-44DC-924D-AA23AFB306BC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {3A4150EE-67B5-4F18-8B7F-10D895DDC65D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3AA68F7E-EFB7-4457-BACF-F84275BF51EF} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3B9F9AF3-B500-4D35-9439-E72FA5412314} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3E6147D4-F932-4D36-9232-DDD3E4CBD215} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3EEA8368-5C21-48DA-9AB8-11827C69E966} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {45FB70C5-2992-47BC-B4EE-5D10F9AE62E1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4C8CEF24-56B1-4690-81EF-B6B65BB01331} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c00713558a05 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4DD33B1B-5D4B-4E35-8B09-9132313263E4} - System32\Tasks\{48160DFE-BD59-4957-873B-8DF9C22F874E} => pcalua.exe -a E:\WD_Windows_Tools\Setup.exe -d E:\WD_Windows_Tools
Task: {5316B73E-9DBB-401D-8F5E-508C0EF042E3} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6bbf336eb5c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {569B0B90-1BFA-40F4-B2F7-B2348DEA5262} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {5D1CCD8C-491E-47B2-9F4D-730CA93F8F1B} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {66164DB6-6E14-4F4B-A421-100BC44C823D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {696B309A-D0CC-4407-883C-9C49DF090B6E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6FAD4941-4451-4418-B51A-E8F2AE82290D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {708D7E87-9156-4421-B1CB-D430DD669F3C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {7B9D57D5-CC95-4136-ACE9-CBE86482EBF7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {84D49393-4230-4721-AC9A-3122D763937F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {875417AA-C490-475B-B878-BD9F099C6411} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {896A3220-E3BB-4B87-BA70-19997AE0E2C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9283448E-FCF5-4A91-96E3-B55576518AAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001Core => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-30] (Facebook Inc.)
Task: {A077508B-01C0-4676-B348-FAAFF53115D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A40EE892-B8AF-466A-B76E-6094CA6D8BB6} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {A7E56863-5F12-4339-BCC0-4C5A863D67E5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {B0E8BE8B-C5D4-458F-BC1A-FA2E61D79658} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001UA => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-30] (Facebook Inc.)
Task: {B18A93CA-B0FD-47FE-84CD-57E482058F2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B3836CB3-11E1-4F9A-9C84-DB0F217A3AA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B7ECA50D-17E9-4C24-B486-C4CF57F0B88E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C69B9224-1D2A-4754-A8B3-678FD85FEEDB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C777D6BB-8B6C-4F77-BF7C-5D9453D01590} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CF070F1F-3E03-47CD-991C-F8165088EB62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-10] (Adobe Systems Incorporated)
Task: {D898934C-009D-4AE0-81F0-579C7BF961F0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB06D382-1BFA-4719-8D32-2B25E4BBC4A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {DB7C5805-578A-4B59-87D3-7F53F62B2DF4} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DD08811A-F84A-4870-857E-FE703614ACA9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {DFCC0C71-8896-46A2-ACBF-E67AA06D2704} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E5D38902-1D72-415F-959C-345BB0A557A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {E8FC442B-E9DE-4FBF-9FAE-02CDE1D321FD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F4960F39-E529-4901-911B-BB7C20F5F107} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001Core.job => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-854172316-4246786990-4095734625-1001UA.job => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6bbf336eb5c8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c00713558a05.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-01 22:21 - 2016-04-29 07:29 - 00417472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-12-01 20:09 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2016-05-09 16:47 - 2016-05-09 16:47 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-01 22:58 - 2016-05-09 07:13 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-09 16:47 - 2016-05-09 16:47 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-02-13 08:05 - 2016-02-13 08:05 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2016-02-13 08:05 - 2016-02-13 08:05 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-13 08:05 - 2016-02-13 08:05 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2009-10-15 04:10 - 2009-10-15 04:10 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-09-28 01:52 - 2009-09-28 01:52 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2016-05-01 21:46 - 2016-04-27 18:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-01 21:46 - 2016-04-27 18:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-05-01 21:46 - 2016-04-27 18:25 - 17536664 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32 [188]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-854172316-4246786990-4095734625-1001\...\extendedreach.com -> hxxps://extendedreach.com
IE trusted site: HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\extendedreach.com -> hxxps://extendedreach.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-854172316-4246786990-4095734625-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\Documents\backup2\Camila\OCT11.jpg
HKU\S-1-5-21-854172316-4246786990-4095734625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\Documents\backup2\Camila\OCT11.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A086EA1C-3067-49F9-A0DD-E8F9DB77EDA1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D3188999-4902-4170-913F-23FECCBA5D66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52284DDE-1BA8-449C-B439-6E708A1B29DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{33182C7B-16B7-4F92-81D8-4F79AA929722}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B09DC1A4-FFD4-447B-834C-F8DD1899DD97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B22AD34C-A2B6-44F9-80F7-A4B511552BB6}] => (Allow) C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E3800148-E71A-4FA7-A6A0-DBF60D6F9DCF}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DFE82DA8-3295-4F9A-ACE0-3B037F5DB02E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5307124B-B325-4E9B-8CDB-A52E214C5471}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1AC70995-7209-4CB3-8358-B28D36571784}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{732CFB36-AE9E-466A-9400-0FDB07FB37D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{910E93C5-3A9B-4842-AD30-7CDA457890C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45D2592D-A02B-4C9B-A807-58ADC04A46FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F102B7E-E1AA-4E45-8C8E-4A90F1C4BBD1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FE968B21-CCB3-4F1A-A87A-129BE78C514C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47011BBB-C8A0-4AB1-859D-5520C887C394}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9FD72D7F-D92D-49A6-BF2E-5CDCF975F19A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F7B67A27-D41E-4A1F-A2AE-80658F24ADFB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{7280F420-6EF4-429E-8CE2-10C06B53DB27}] => (Allow) svchost.exe
FirewallRules: [{028A3E99-3144-488F-818D-F02D85322CA8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D4B3100F-B85B-4243-AC47-F65CE6C6BFEC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{4DD12C0D-7AF5-4DAD-B148-3D4EC98E7CBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2016 11:15:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/11/2016 11:13:48 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/11/2016 10:57:43 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/11/2016 10:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x588
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (05/11/2016 10:52:08 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1416) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1601(dir.cxx:753): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/11/2016 10:49:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/11/2016 10:43:47 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/11/2016 10:36:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Aaron-PC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/11/2016 10:36:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (05/11/2016 10:35:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Aaron-PC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000000000.  The name of the file is "<unable to determine file name>".

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000000000.  The name of the file is "<unable to determine file name>".

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000000000.  The name of the file is "<unable to determine file name>".

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (05/11/2016 11:25:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000000000.  The name of the file is "<unable to determine file name>".

Error: (05/11/2016 11:20:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (05/11/2016 11:20:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000000000.  The name of the file is "<unable to determine file name>".


CodeIntegrity:
===================================
  Date: 2016-05-11 23:31:51.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 23:31:51.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 23:31:51.558
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 23:31:51.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 23:31:51.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 23:31:50.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-09 21:33:47.898
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-09 21:33:47.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-09 21:31:43.918
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-09 21:31:43.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 63%
Total physical RAM: 3892.52 MB
Available physical RAM: 1410.55 MB
Total Virtual: 7860.52 MB
Available Virtual: 5152.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:259.18 GB) NTFS
Drive d: (Boardmaker) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1016 KB) - (Type=17)ATTENTION ===> Suspicious partition bootkit on partition 4

==================== End of Addition.txt ============================

 

Link to post
Share on other sites

Hello and :welcome:

 

Can you attach MalwareBytes report that shows what has been detected and deleted? 

 

Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • Click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

 

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

Seems better now. I was getting very limited internet access before but now Chrome seems to be running better. Also bootup is quicker as well. But I am still getting notification from windows defender about malware found on my PC. It still lists the same Trojan.

Link to post
Share on other sites

TDSSKiller_Kaspersky.png Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on TDSSKiller_Kaspersky.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal. 
  • TDSSKiller will run automaticaly. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything will be found follow this guidelines:

  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.