Need help with Yourconnectivity.net

[cchao]

Everytime I open up Chrome or Mozilla the yourconnectivity.net pops up. I downloaded Farbar Recovery Scan Tool and scanned it. What do I do now? I already scanned my laptop with Malwarebytes anti-malware, but it didn't work. Please help.

[B-boy/StyLe/]

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Before we proceed please read the following topic - Piracy

 

 

STEP 1

 

Please download Malwarebytes Anti-Malware 2.2.1.1043 Final to your desktop.
 

• Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box.
  • 'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.
• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure that Additional.txt is checked.
• Press Scan button.
• It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,
Georgi

[B-boy/StyLe/]

Hi,

Are you still around?

Regards,
Georgi

[cchao]

Yes, I am actually running the first scan with malwarebytes anti-malware right now. Sorry I have been busy. It's been scanning for over an hour and a half now.

[B-boy/StyLe/]

Hi,

Thank you for letting me know. As for the scan it usually should take no more than 10 min for the Threat scan but when the "scan for rootkits" is enabled the time needed to complete can significantly be increased.

Regards,
Georgi

[cchao]

Hopefully I did the right scan because it scanned everything, such as scan memory, scan startup files, scan registry, and scan file system. It's finishing up now.

[cchao]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/2/2016
Scan Time: 11:20 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.03.02
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: ChiemMax

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457671
Time Elapsed: 2 hr, 50 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.CouponBar, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar, Quarantined, [efdfa1f32872fa3c9f8f7916788a8d73],
PUP.Optional.CouponBar, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [10beaaea1b7f270ffa340b847290718f],
PUP.Optional.CouponBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar, Quarantined, [10beaaea1b7f270ffa340b847290718f],
PUP.Optional.CouponBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [10beaaea1b7f270ffa340b847290718f],
PUP.Optional.CouponBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TBSB07898.IEToolbar, Quarantined, [10beaaea1b7f270ffa340b847290718f],
PUP.Optional.CouponBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TBSB07898.IEToolbar.1, Quarantined, [10beaaea1b7f270ffa340b847290718f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{A9345A7F-B62E-4F8E-A91D-5728B8C83F63}, Quarantined, [96385f35a5f55bdbc060329a24dd629e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A9345A7F-B62E-4F8E-A91D-5728B8C83F63}, Quarantined, [96385f35a5f55bdbc060329a24dd629e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A9345A7F-B62E-4F8E-A91D-5728B8C83F63}, Quarantined, [96385f35a5f55bdbc060329a24dd629e],
PUP.Optional.Runner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Test TimeTrigger, Delete-on-Reboot, [bc12a3f11e7c2115db6bfbb710f307f9],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}, Quarantined, [537b098b9dfd2115db2c5c43ab582bd5],
PUP.Optional.Spigot, HKU\S-1-5-21-3173931314-375326031-4078295803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{092D274F-B0F4-43C8-A50C-5C4021B21C1C}, Quarantined, [2da113819802280eaa7ffbbb3ac9ab55],

Registry Values: 3
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}|AppName, Supreme Savings-bg.exe, Quarantined, [537b098b9dfd2115db2c5c43ab582bd5]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{201A5F9C-44D4-49CB-90D9-996E0CE269F1}|AutoConfigUrl, http://un-blocking.net/wpad.dat?87383d8b6911f3a31446825d77968e8b17249224, Quarantined, [438b375deeac053173e8bb3db4500cf4]
PUP.Optional.Spigot, HKU\S-1-5-21-3173931314-375326031-4078295803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{092D274F-B0F4-43C8-A50C-5C4021B21C1C}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}, Quarantined, [2da113819802280eaa7ffbbb3ac9ab55]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MultiPlug.Gen, C:\ProgramData\12303896252809993232, Quarantined, [6c62b2e2c3d7c472b01995fe55ae649c],

Files: 7
FraudTool.YAC, C:\WINDOWS\SYSTEM32\drivers\iSafeKrnlBoot.sys, Delete-on-Reboot, [cd81f6df96ac72f4c76ed554041bc9d7],
PUP.Optional.OpenCandy, C:\Users\ChiemMax\AppData\Roaming\RHEng\5AD5915D44A0420185EF805ABDA7FEB6\dhh6075.exe, Quarantined, [96385f35a5f55bdbc060329a24dd629e],
PUP.Optional.OpenCandy, C:\Users\ChiemMax\AppData\Roaming\RHEng\B1D39D87424F436DB556A3AAF852DBAA\dhh6075.exe, Quarantined, [b01e2c686535d1659d83d1fbcd34926e],
Adware.FileFinder, C:\Users\ChiemMax\AppData\Local\Temp\af85-ef04-f96e-9c70.exe, Quarantined, [5678860efe9c0531385e3bc329db619f],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\12303896252809993232\cd5b15e575e1c3d07ecbf855ae0b021b.ini, Quarantined, [6c62b2e2c3d7c472b01995fe55ae649c],
PUP.Optional.Runner, C:\Windows\System32\Tasks\Test TimeTrigger, Quarantined, [78563b59cecc13236fd5951df0138f71],
PUP.Optional.YourConnectivity.ShrtCln, C:\Users\ChiemMax\AppData\Roaming\Mozilla\Firefox\Profiles\y98f42bd.default-1475142416062\sessionstore-backups\recovery.js, Good: (), Bad: (yourconnectivity.net), Replaced,[d1fd791b663412241b006199fd07837d]

Physical Sectors: 0
(No malicious items detected)

(end)

[cchao]

^^above is the scan log for malwarebytes anti-malware. I already scanned with farbar on september 29, 2016. I'll upload the frst and addition logs in a minute.

[cchao]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2016
Ran by ChiemMax (29-09-2016 21:58:37)
Running from C:\Users\ChiemMax\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-26 05:50:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3173931314-375326031-4078295803-500 - Administrator - Disabled)
ChiemMax (S-1-5-21-3173931314-375326031-4078295803-1001 - Administrator - Enabled) => C:\Users\ChiemMax
DefaultAccount (S-1-5-21-3173931314-375326031-4078295803-503 - Limited - Disabled)
Guest (S-1-5-21-3173931314-375326031-4078295803-501 - Limited - Disabled) => C:\Users\Guest
Kao (S-1-5-21-3173931314-375326031-4078295803-1004 - Limited - Enabled) => C:\Users\Kao

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.58 - DivX, LLC)
Edgeworld (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: v1.1.8 - Pokki)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Goodgame Empire (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoPro Studio 2.5.3 (HKLM-x32\...\GoPro Studio) (Version: 2.5.3 - GoPro, Inc.)
Host App Service (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\SweetLabs_AP) (Version: 0.269.7.983 - Pokki)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pirate Storm (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.7 - Pokki)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
simplitec simplicheck (HKLM-x32\...\{1F52F36E-895D-4E01-B4D4-E23C4FA4193B}) (Version: 1.3.10.0 - simplitec GmbH)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.983 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.8.7 - WildTangent) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3173931314-375326031-4078295803-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3173931314-375326031-4078295803-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A16B899-E1A0-4664-84CB-4B74F683B55A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0F806BA1-F5EB-4125-BD5C-D7449598B520} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {102721B7-6556-4DFC-BAA2-FAA169CB569D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {10E4C34B-008E-46C8-AA92-FC3AA69D0A18} - \WPD\SqmUpload_S-1-5-21-3173931314-375326031-4078295803-1004 -> No File <==== ATTENTION
Task: {140AC0CE-0B51-4FCE-8B2B-7C6D16FEA64D} - System32\Tasks\RNUpgradeHelperLogonPrompt_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {156179CD-B645-45B8-A0BB-41CB4E11FABD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {1D3DB222-076A-45F8-ACED-CC59E1714E72} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3173931314-375326031-4078295803-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {1DD1B969-8EE9-41A3-8EDF-3C6F4B554B16} - System32\Tasks\ReclaimerUpdateFiles_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {2D160DC3-4325-44B0-8494-581D5D5EDBC9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-24] (Microsoft Corporation)
Task: {2D7CE78E-99B7-4080-9F78-A646A99A2B27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2E610597-DBBC-479F-A11A-9EFE28FB162F} - \WPD\SqmUpload_S-1-5-21-3173931314-375326031-4078295803-1001 -> No File <==== ATTENTION
Task: {34B05BAE-E9F6-46DA-A374-B0D3EA37027B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {385CCA66-F465-419E-9AB0-C1BD8CC0F27F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {436236C4-F599-4C6A-A24E-0F163AE59462} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {44C2997F-3662-4BC8-BB8D-E3F87546DD46} - System32\Tasks\SweetLabs App Platform => C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-09-18] (Pokki)
Task: {4ED443F9-281E-4977-BEC3-C378667A80EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-26] (Microsoft Corporation)
Task: {58AF4125-4A11-4909-BEF1-63D3F2928D9B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {5ADCA1FA-962A-481C-A609-63C4C789FC9C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6F63242D-2B55-4397-B8B9-D5D1F56387D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6F9D386D-0030-4C9B-84A8-96CD4B47A473} - System32\Tasks\RNUpgradeHelperResumePrompt_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {76BB9C74-AA84-4D08-9F8C-1BE57036D17A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {7748F5B2-7FD4-461E-8AD7-8B76527F3516} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {788542ED-5303-4B16-B824-4968980B730B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84BD0DCC-589F-43C8-8CCD-7DFABBA7A7CF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {87C57A02-095B-4857-B549-8A125556C529} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {9486A3F4-64BD-4A83-AC57-1904AA60225C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9C81902E-3CF4-419D-A0FA-55B208D6964E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BCDA08FB-27E1-4DFD-891B-442CDB9B3DD5} - System32\Tasks\Test TimeTrigger => C:\Users\ChiemMax\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {C442543D-96EF-4A8E-8F52-91B385DE8033} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {C62A74B6-DDCC-4E42-8D2E-1ED35D385303} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C62BA55E-A659-4E58-BA28-A6B85E3FF1CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-13] (Microsoft Corporation)
Task: {D0C5920B-9496-4BEC-BA36-FD0225F26414} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D27FD100-1684-423D-9204-1C041F873E6E} - System32\Tasks\ReclaimerUpdateXML_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {DAF2A3AB-96E1-4190-BEDD-4F9D11F91C7C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EB31C7FE-1DFD-4A66-AE99-F7C6D602B947} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3173931314-375326031-4078295803-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {EBDF8BA2-82D5-4260-AA37-BB9EB457C828} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F1B1564D-64DB-42EC-9507-CCF46257B3B9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {F20E20E0-247F-485E-8C53-1E94DE388FAE} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-04-13] (DivX, LLC)
Task: {F60131BF-C2F6-43ED-B03B-242F6A349FF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {FF3309A1-E815-449A-A6AF-B3AE457D10BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"
ShortcutWithArgument: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"
ShortcutWithArgument: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://yourconnectivity.net/?ssid=1474924993&a=1024132&src=sh&uuid=a9454543-d3be-4f06-8732-3b59e7ffd2ed,1474924913164"

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 22:38 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-24 15:16 - 2016-08-24 15:16 - 01864384 _____ () C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-27 22:50 - 2016-05-24 09:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-09-28 09:28 - 2016-09-28 09:30 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-09-28 09:28 - 2016-09-28 09:30 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-09-28 09:28 - 2016-09-28 09:31 - 35250688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2012-12-10 04:12 - 2012-12-10 04:12 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00236488 _____ () c:\windows\system32\WerEtw.dll
2014-09-08 21:12 - 2014-09-08 21:12 - 00864856 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2012-09-23 21:56 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-08-24 15:16 - 2016-08-24 15:16 - 01383616 _____ () C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-24 15:16 - 2016-08-24 15:16 - 00118976 _____ () C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [150]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ChiemMax\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90C25AFF-A40B-4810-B9AB-7F8D42E0C524}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E7C0F51-092D-4285-A5FF-D05A517D4BD0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9BA770AB-650C-4E98-83F4-52AF429C64A6}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4CE683E0-6C64-43E9-9518-5CD837A4EE22}] => (Allow) C:\Users\ChiemMax\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBA2FDAF-8A1E-4D39-B2FB-C4B7F440EB0D}] => (Allow) C:\Users\ChiemMax\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{9C0651AD-B0B1-46A5-BAD4-62E0C9E4D84C}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [UDP Query User{5BF0D994-2402-4CEC-9194-01EED48BDBD2}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [TCP Query User{1FC15E90-E1B2-44C5-93DB-E949ABB32E76}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [UDP Query User{0B463137-DCC8-4973-AE01-6716862606B2}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [{C306D245-DBF3-4942-92F7-CA55D39747AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAE5F26D-BEA4-4CE0-A15C-E9FA57A8A3E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{277E7CF2-8E82-4FA8-AF00-ED6EAAFEA5AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB124B39-31BB-44F4-BA2A-EDA0E1259062}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86882D68-CE29-404D-93A6-9017670FEF32}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{7AE9C0F6-F6F8-487F-8AA8-BD03E79D9A99}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{3BF3A90A-AE27-4746-B99A-5EDA2F7DC6AE}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{5C587D88-F907-47F9-9787-8DB690543FB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD3922BE-99B1-4F30-8401-347ABEC16CB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{83483C1A-34FB-4829-BA90-3044F093D1F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8CAC6E77-3DDC-4CE3-998D-34B7F8E6F01C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0D1F52A6-F07E-493E-956F-9DEAF21BF8C3}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D5E9DCCE-C9F2-404A-BE24-5F4EE463D7EB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{2678EFDE-487B-4203-9700-7616318AC260}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{558B0FAE-276E-45EF-A049-CEB2CF18130F}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [{9CDD2227-F49F-4268-8D78-244F790CC062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57C7D6D7-197A-419E-AA71-8D7BF421BF89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9BE59FFB-70B0-4B9E-A432-90B357711208}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB882AA0-16F1-46DC-B421-BDDED1A8FAD4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B253286F-9C7C-473A-9E36-B34B579E7A13}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA5CD53E-CD54-48DE-94A4-BC8B78710652}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FABC2212-07E8-4C6F-BF88-37DEAF0404E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

26-09-2016 12:57:20 Windows Update

==================== Faulty Device Manager Devices =============

Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: MATSHITA DVD-RAM UJ8C0
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2016 09:57:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 28.9.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6b4

Start Time: 01d21ad673252c28

Termination Time: 4294967295

Application Path: C:\Users\ChiemMax\Downloads\FRST64.exe

Report Id: 461471b0-86ca-11e6-bf04-00266c2fedb5

Faulting package full name:

Faulting package-relative application ID:

Error: (09/29/2016 09:57:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/29/2016 09:33:12 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/29/2016 02:41:24 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/29/2016 02:38:51 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (09/29/2016 02:38:51 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (09/29/2016 02:38:51 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (09/28/2016 09:40:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 175343

Error: (09/28/2016 09:40:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 175343

Error: (09/28/2016 09:40:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (09/29/2016 09:35:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/29/2016 09:32:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/29/2016 02:42:59 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/29/2016 02:40:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/29/2016 02:40:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (09/29/2016 02:40:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/28/2016 09:37:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/28/2016 05:51:51 PM) (Source: DCOM) (EventID: 10010) (User: MAX)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (09/28/2016 10:05:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/28/2016 09:22:00 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2016-09-29 02:34:10.496
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:34:10.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:34:10.485
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:26.804
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:26.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:26.737
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:11.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10586.589_none_b5eef605bad2c432\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:11.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10586.589_none_b5eef605bad2c432\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:11.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10586.589_none_b5eef605bad2c432\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 02:31:11.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10586.0_none_d5900c5d06088674\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 6028.22 MB
Available physical RAM: 3222.99 MB
Total Virtual: 7692.22 MB
Available Virtual: 4618.05 MB

==================== Drives ================================

Drive c: (TI10653400C) (Fixed) (Total:584.89 GB) (Free:403.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

[cchao]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016
Ran by ChiemMax (administrator) on MAX (29-09-2016 21:58:15)
Running from C:\Users\ChiemMax\Downloads
Loaded Profiles: ChiemMax (Available Profiles: ChiemMax & Kao & Guest)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-09-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Policies\Explorer: [NoLogOff] 0
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2014-11-18]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-09-08]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk [2014-04-29]
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
Startup: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-09-22]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4595c5ec-d96f-4960-8ad4-7ac003865b72}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{dae21416-1012-4ff9-a22e-3b23a3648377}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001 -> DefaultScope {092D274F-B0F4-43C8-A50C-5C4021B21C1C} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001 -> {092D274F-B0F4-43C8-A50C-5C4021B21C1C} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001 -> {25A670C9-D00F-49EC-978F-E37C2C7EB4B2} URL =
BHO: UniDeals -> {2057ff9a-aa1e-4e04-b371-79f0118c986a} -> C:\Program Files (x86)\UniDeals\OeANTqt79FLsuz.x64.dll => No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-30] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-14] (Oracle Corporation)
BHO: youtubeadblocker -> {78f2079a-7049-47b3-897f-9fbc294bb718} -> C:\Program Files (x86)\youtubeadblocker\TkEZdF7pfyfwBS.x64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-14] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-30] (RealDownloader)
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxp://webs-cp1.irt.csus.edu/~wireless/clientconfig/tools/xc_loader_activex.ocx
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ChiemMax\AppData\Roaming\Mozilla\Firefox\Profiles\y98f42bd.default-1475142416062
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-05-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-09-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-09-08] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3173931314-375326031-4078295803-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ChiemMax\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\660636837.js [2016-09-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\660636837.cfg [2016-09-26] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Default [2016-09-28]
CHR Profile: C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-29]
CHR Extension: (Google Drive) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28]
CHR Extension: (YouTube) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-28]
CHR Extension: (Gmail) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR HKLM-x32\...\Chrome\Extension: [fceceljfbadldniaddpngjefflokdoea] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9916\ch\WebexpEnhancedV1alpha9916.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-08] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 21:54 - 2016-09-29 21:56 - 00038043 _____ C:\Users\ChiemMax\Downloads\Addition.txt
2016-09-29 21:52 - 2016-09-29 21:58 - 00024315 _____ C:\Users\ChiemMax\Downloads\FRST.txt
2016-09-29 21:52 - 2016-09-29 21:52 - 00000000 ____D C:\FRST
2016-09-29 21:51 - 2016-09-29 21:52 - 02404352 _____ (Farbar) C:\Users\ChiemMax\Downloads\FRST64.exe
2016-09-29 02:47 - 2016-09-29 02:47 - 00000000 ____D C:\Users\ChiemMax\Desktop\Old Firefox Data
2016-09-28 22:45 - 2016-09-29 02:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-28 19:27 - 2016-09-28 19:27 - 00038396 _____ C:\Users\ChiemMax\Downloads\TCMAudI_HPAII_HPAIIIDutyStatements.pdf
2016-09-28 18:33 - 2016-09-28 18:33 - 00078689 _____ C:\Users\ChiemMax\Downloads\AUDITORIFAB-203-SACRAMENTO.pdf
2016-09-26 14:22 - 2016-09-26 14:22 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-25 23:01 - 2016-09-25 23:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-25 22:57 - 2016-09-26 12:23 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\ConnectedDevicesPlatform
2016-09-25 22:57 - 2016-09-25 22:57 - 00000020 ___SH C:\Users\ChiemMax\ntuser.ini
2016-09-25 22:57 - 2016-09-25 22:50 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-25 22:53 - 2016-09-25 22:53 - 00000000 ____D C:\Windows.old
2016-09-25 22:51 - 2016-09-25 22:51 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-25 22:51 - 2016-09-25 22:51 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-25 22:51 - 2016-09-25 22:51 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-25 22:51 - 2016-09-25 22:51 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-25 22:51 - 2016-09-25 22:51 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-09-25 22:51 - 2016-09-25 22:51 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-25 22:51 - 2016-09-25 22:51 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-09-25 22:51 - 2016-09-25 22:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-09-25 22:51 - 2016-09-25 22:51 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 ____D C:\ProgramData\USOShared
2016-09-25 22:46 - 2016-09-25 22:49 - 00015243 _____ C:\WINDOWS\diagwrn.xml
2016-09-25 22:46 - 2016-09-25 22:49 - 00015243 _____ C:\WINDOWS\diagerr.xml
2016-09-25 22:45 - 2016-09-29 02:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-25 22:45 - 2016-09-25 22:45 - 00003290 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9B921C9B-D96A-4F8D-BACB-B9222B514FC5}
2016-09-25 22:45 - 2016-09-25 22:45 - 00003058 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7C85745E-0C34-428A-9E07-F578F4658ECC}
2016-09-25 22:45 - 2016-09-25 22:45 - 00002872 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperResumePrompt_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-25 22:45 - 2016-09-25 22:45 - 00002826 _____ C:\WINDOWS\System32\Tasks\Test TimeTrigger
2016-09-25 22:45 - 2016-09-25 22:45 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3173931314-375326031-4078295803-1004
2016-09-25 22:45 - 2016-09-25 22:45 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3173931314-375326031-4078295803-1001
2016-09-25 22:45 - 2016-09-25 22:45 - 00002748 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3173931314-375326031-4078295803-500
2016-09-25 22:45 - 2016-09-25 22:45 - 00002732 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateFiles_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002716 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateXML_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002654 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3173931314-375326031-4078295803-1001
2016-09-25 22:45 - 2016-09-25 22:45 - 00002636 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-09-25 22:45 - 2016-09-25 22:45 - 00002526 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3173931314-375326031-4078295803-1001
2016-09-25 22:45 - 2016-09-25 22:45 - 00002452 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperLogonPrompt_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-09-25 22:45 - 2016-09-25 22:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-09-25 22:45 - 2016-09-25 22:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2016-09-25 22:45 - 2016-09-25 22:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2016-09-25 22:45 - 2012-09-03 19:18 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3982691128-1410291285-1779925749-500
2016-09-25 22:44 - 2016-09-29 21:36 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-25 22:44 - 2016-09-25 22:45 - 00003426 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-25 22:44 - 2016-09-25 22:45 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-25 22:44 - 2016-09-25 22:45 - 00003044 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-09-25 22:44 - 2016-09-25 22:45 - 00002760 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2016-09-25 22:44 - 2016-09-25 22:45 - 00002510 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series
2016-09-25 22:44 - 2016-09-25 22:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-09-25 22:42 - 2016-09-25 22:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files\MSBuild
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-25 22:36 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-09-25 22:36 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-09-25 22:35 - 2016-09-25 22:35 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-09-25 22:19 - 2016-09-25 22:19 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-09-25 22:12 - 2016-09-25 22:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-25 22:08 - 2016-09-26 23:50 - 00000000 ____D C:\Users\ChiemMax
2016-09-25 22:08 - 2016-09-25 22:29 - 00000000 ____D C:\Users\Kao
2016-09-25 22:08 - 2016-09-25 22:28 - 00000000 ____D C:\Users\Guest
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\My Documents
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\Documents\My Videos
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\Documents\My Pictures
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\Documents\My Music
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\My Documents
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\Documents\My Videos
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\Documents\My Pictures
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\Documents\My Music
2016-09-25 22:03 - 2016-09-25 22:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-09-25 22:03 - 2016-09-25 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-09-25 22:02 - 2016-09-25 22:13 - 00000000 ____D C:\Program Files\Intel
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\Program Files\Synaptics
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\Program Files\Realtek
2016-09-25 22:02 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-25 22:02 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-09-25 22:02 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-09-25 21:59 - 2016-09-29 02:37 - 00342232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-25 21:59 - 2016-09-29 02:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-25 21:59 - 2016-09-25 21:59 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-12 15:37 - 2016-09-12 15:37 - 00659552 _____ C:\Users\ChiemMax\Desktop\Typing Test.pdf
2016-09-12 15:35 - 2016-09-12 15:35 - 01581147 _____ C:\Users\ChiemMax\Desktop\Accounting Technician App.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 21:57 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-29 21:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-29 21:56 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-29 21:45 - 2016-04-10 17:01 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform
2016-09-29 21:32 - 2016-05-14 14:53 - 00000000 __SHD C:\Users\ChiemMax\IntelGraphicsProfiles
2016-09-29 02:44 - 2016-05-13 21:11 - 00922866 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-29 02:37 - 2015-08-14 01:04 - 00000091 _____ C:\HaxLogs.txt
2016-09-29 02:37 - 2013-07-25 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-29 02:36 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-09-27 11:21 - 2013-02-14 12:15 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\CrashDumps
2016-09-26 14:23 - 2015-08-14 00:16 - 00002379 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-26 14:23 - 2015-08-14 00:16 - 00002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-26 14:23 - 2013-07-25 00:00 - 00001284 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-26 14:23 - 2013-07-25 00:00 - 00001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-26 12:59 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-26 12:46 - 2013-02-11 22:13 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\Packages
2016-09-26 12:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-25 22:57 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-25 22:57 - 2016-05-16 14:04 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-09-25 22:57 - 2013-02-11 21:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-25 22:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-25 22:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-25 22:53 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-25 22:52 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-25 22:50 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-25 22:49 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-25 22:45 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-25 22:45 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-25 22:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-25 22:34 - 2013-10-29 16:50 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-25 22:33 - 2016-07-16 04:47 - 00000000 __RSD C:\WINDOWS\Media
2016-09-25 22:33 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-25 22:27 - 2013-10-09 19:17 - 00902046 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-25 22:23 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-09-25 22:23 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-25 22:23 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-09-25 22:23 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-25 22:23 - 2016-04-10 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-25 22:23 - 2015-11-28 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-25 22:23 - 2015-11-28 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-09-25 22:23 - 2015-08-14 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-09-25 22:23 - 2015-08-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-09-25 22:23 - 2015-08-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-25 22:23 - 2014-12-11 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series
2016-09-25 22:23 - 2014-09-08 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-09-25 22:23 - 2014-06-07 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2016-09-25 22:23 - 2014-06-07 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-09-25 22:23 - 2014-03-03 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2016-09-25 22:23 - 2014-01-20 18:54 - 00000000 ____D C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings
2016-09-25 22:23 - 2014-01-11 02:25 - 00000000 ____D C:\WINDOWS\system32\log
2016-09-25 22:23 - 2013-12-26 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-09-25 22:23 - 2013-12-14 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-09-25 22:23 - 2013-10-29 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2016-09-25 22:23 - 2013-10-09 19:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-25 22:23 - 2013-08-20 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-25 22:23 - 2013-05-05 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-09-25 22:23 - 2013-03-13 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-09-25 22:23 - 2013-02-24 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-25 22:23 - 2012-09-23 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
2016-09-25 22:23 - 2012-09-23 22:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-09-25 22:23 - 2012-09-03 19:07 - 00000000 ____D C:\WINDOWS\en
2016-09-25 22:23 - 2012-09-03 18:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-25 22:23 - 2012-09-03 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-09-25 22:23 - 2012-09-03 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2016-09-25 22:19 - 2015-10-29 23:28 - 00000000 ____D C:\Users\Default.migrated
2016-09-25 22:15 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-25 22:15 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-09-25 22:15 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-25 22:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-09-25 22:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-09-25 22:14 - 2014-12-11 17:02 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-09-25 22:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-25 22:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-09-25 22:13 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-25 22:13 - 2014-11-18 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-09-25 22:13 - 2014-04-29 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2016-09-25 22:13 - 2012-09-03 18:45 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-09-25 22:10 - 2014-12-23 23:59 - 00000000 ____D C:\Users\Kao\AppData\Local\Packages
2016-09-25 22:09 - 2015-11-30 20:23 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2016-09-25 22:07 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-25 22:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-25 22:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-25 22:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-23 00:09 - 2016-07-16 08:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-22 23:58 - 2014-09-09 22:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-22 23:49 - 2013-05-05 00:14 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 10:39 - 2013-05-05 00:14 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-20 16:18 - 2016-04-16 00:17 - 00002509 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-09-20 13:44 - 2013-03-01 00:03 - 00000000 ____D C:\Users\ChiemMax\Desktop\Max's stuff
2016-09-20 10:52 - 2013-02-24 22:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-15 12:42 - 2016-05-18 19:14 - 00000000 ____D C:\Users\ChiemMax\Desktop\Nikkie's stuff
2016-09-14 17:23 - 2013-08-20 00:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-14 17:23 - 2013-08-20 00:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-13 23:36 - 2013-08-14 23:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-13 23:26 - 2013-02-14 22:11 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-13 21:32 - 2015-10-30 00:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-09-13 21:32 - 2015-10-30 00:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-09-07 09:32 - 2016-07-16 04:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 09:32 - 2016-07-16 04:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-13 09:02 - 2013-03-13 09:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\ChiemMax\AppData\Local\Temp\af85-ef04-f96e-9c70.exe
C:\Users\ChiemMax\AppData\Local\Temp\lowproc.exe
C:\Users\ChiemMax\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-25 21:59

==================== End of FRST.txt ============================

[B-boy/StyLe/]

Hi,

I need to see fresh logs from FRST since after MBAM cleaning the logs will be quite different so please download the latest version of FRST (from the link above) and run a new scan and post both logs - FRST.txt and Addition.txt in your next reply.

Thanks!

[cchao]

Okay I'm about to post up the updated scan results for frst and addition.

 

[cchao]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2016
Ran by ChiemMax (administrator) on MAX (03-10-2016 12:37:06)
Running from C:\Users\ChiemMax\Downloads
Loaded Profiles: ChiemMax &  (Available Profiles: ChiemMax & Kao & Guest)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(simplitec) C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Pokki) C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-09-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3173931314-375326031-4078295803-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2016-10-03]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2016-10-03]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk [2016-10-03]
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
Startup: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-10-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4595c5ec-d96f-4960-8ad4-7ac003865b72}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{dae21416-1012-4ff9-a22e-3b23a3648377}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3173931314-375326031-4078295803-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3173931314-375326031-4078295803-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3173931314-375326031-4078295803-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001 -> DefaultScope {092D274F-B0F4-43C8-A50C-5C4021B21C1C} URL =
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001 -> {25A670C9-D00F-49EC-978F-E37C2C7EB4B2} URL =
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {092D274F-B0F4-43C8-A50C-5C4021B21C1C} URL =
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {25A670C9-D00F-49EC-978F-E37C2C7EB4B2} URL =
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {25A670C9-D00F-49EC-978F-E37C2C7EB4B2} URL =
SearchScopes: HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {25A670C9-D00F-49EC-978F-E37C2C7EB4B2} URL =
BHO: UniDeals -> {2057ff9a-aa1e-4e04-b371-79f0118c986a} -> C:\Program Files (x86)\UniDeals\OeANTqt79FLsuz.x64.dll => No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-30] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-14] (Oracle Corporation)
BHO: youtubeadblocker -> {78f2079a-7049-47b3-897f-9fbc294bb718} -> C:\Program Files (x86)\youtubeadblocker\TkEZdF7pfyfwBS.x64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-14] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-30] (RealDownloader)
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxp://webs-cp1.irt.csus.edu/~wireless/clientconfig/tools/xc_loader_activex.ocx
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ChiemMax\AppData\Roaming\Mozilla\Firefox\Profiles\y98f42bd.default-1475142416062 [2016-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-05-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-09-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-09-08] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3173931314-375326031-4078295803-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ChiemMax\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ChiemMax\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\660636837.js [2016-09-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\660636837.cfg [2016-09-26] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Default [2016-09-28]
CHR Profile: C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-29]
CHR Extension: (Google Drive) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28]
CHR Extension: (YouTube) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-28]
CHR Extension: (Gmail) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR HKLM-x32\...\Chrome\Extension: [fceceljfbadldniaddpngjefflokdoea] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9916\ch\WebexpEnhancedV1alpha9916.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-08] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 12:36 - 2016-10-03 12:36 - 00000000 ____D C:\Users\ChiemMax\Downloads\FRST-OlderVersion
2016-10-02 23:18 - 2016-10-03 11:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-02 23:17 - 2016-10-03 02:26 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-02 23:17 - 2016-10-02 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-02 23:17 - 2016-10-02 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-02 23:17 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-02 23:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-02 23:14 - 2016-10-02 23:16 - 22851472 _____ (Malwarebytes ) C:\Users\ChiemMax\Desktop\mbam-setup-2.2.1.1043.exe
2016-09-29 21:54 - 2016-09-29 21:59 - 00052137 _____ C:\Users\ChiemMax\Downloads\Addition.txt
2016-09-29 21:52 - 2016-10-03 12:38 - 00028188 _____ C:\Users\ChiemMax\Downloads\FRST.txt
2016-09-29 21:52 - 2016-10-03 12:37 - 00000000 ____D C:\FRST
2016-09-29 21:51 - 2016-10-03 12:36 - 02404864 _____ (Farbar) C:\Users\ChiemMax\Downloads\FRST64.exe
2016-09-29 02:47 - 2016-09-29 02:47 - 00000000 ____D C:\Users\ChiemMax\Desktop\Old Firefox Data
2016-09-28 22:45 - 2016-09-29 02:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-28 19:27 - 2016-09-28 19:27 - 00038396 _____ C:\Users\ChiemMax\Downloads\TCMAudI_HPAII_HPAIIIDutyStatements.pdf
2016-09-28 18:33 - 2016-09-28 18:33 - 00078689 _____ C:\Users\ChiemMax\Downloads\AUDITORIFAB-203-SACRAMENTO.pdf
2016-09-26 14:22 - 2016-09-26 14:22 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-25 23:01 - 2016-09-25 23:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-25 22:57 - 2016-09-26 12:23 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\ConnectedDevicesPlatform
2016-09-25 22:57 - 2016-09-25 22:57 - 00000020 ___SH C:\Users\ChiemMax\ntuser.ini
2016-09-25 22:57 - 2016-09-25 22:50 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-25 22:53 - 2016-09-25 22:53 - 00000000 ____D C:\Windows.old
2016-09-25 22:51 - 2016-09-25 22:51 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-25 22:51 - 2016-09-25 22:51 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-25 22:51 - 2016-09-25 22:51 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-25 22:51 - 2016-09-25 22:51 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-25 22:51 - 2016-09-25 22:51 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-25 22:51 - 2016-09-25 22:51 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-09-25 22:51 - 2016-09-25 22:51 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-25 22:51 - 2016-09-25 22:51 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-09-25 22:51 - 2016-09-25 22:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-25 22:51 - 2016-09-25 22:51 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-09-25 22:51 - 2016-09-25 22:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-09-25 22:51 - 2016-09-25 22:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-09-25 22:51 - 2016-09-25 22:51 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-25 22:50 - 2016-09-25 22:50 - 00000000 ____D C:\ProgramData\USOShared
2016-09-25 22:46 - 2016-09-25 22:49 - 00015243 _____ C:\WINDOWS\diagwrn.xml
2016-09-25 22:46 - 2016-09-25 22:49 - 00015243 _____ C:\WINDOWS\diagerr.xml
2016-09-25 22:45 - 2016-10-03 02:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-25 22:45 - 2016-09-25 22:45 - 00003290 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9B921C9B-D96A-4F8D-BACB-B9222B514FC5}
2016-09-25 22:45 - 2016-09-25 22:45 - 00003058 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7C85745E-0C34-428A-9E07-F578F4658ECC}
2016-09-25 22:45 - 2016-09-25 22:45 - 00002872 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperResumePrompt_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-25 22:45 - 2016-09-25 22:45 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3173931314-375326031-4078295803-1004
2016-09-25 22:45 - 2016-09-25 22:45 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3173931314-375326031-4078295803-1001
2016-09-25 22:45 - 2016-09-25 22:45 - 00002748 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3173931314-375326031-4078295803-500
2016-09-25 22:45 - 2016-09-25 22:45 - 00002732 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateFiles_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002716 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateXML_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002654 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3173931314-375326031-4078295803-1001
2016-09-25 22:45 - 2016-09-25 22:45 - 00002636 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-09-25 22:45 - 2016-09-25 22:45 - 00002526 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3173931314-375326031-4078295803-1001
2016-09-25 22:45 - 2016-09-25 22:45 - 00002452 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperLogonPrompt_ChiemMax
2016-09-25 22:45 - 2016-09-25 22:45 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-09-25 22:45 - 2016-09-25 22:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-09-25 22:45 - 2016-09-25 22:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2016-09-25 22:45 - 2016-09-25 22:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2016-09-25 22:45 - 2012-09-03 19:18 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3982691128-1410291285-1779925749-500
2016-09-25 22:44 - 2016-09-29 21:36 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-25 22:44 - 2016-09-25 22:45 - 00003426 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-25 22:44 - 2016-09-25 22:45 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-25 22:44 - 2016-09-25 22:45 - 00003044 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-09-25 22:44 - 2016-09-25 22:45 - 00002760 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2016-09-25 22:44 - 2016-09-25 22:45 - 00002510 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series
2016-09-25 22:44 - 2016-09-25 22:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-09-25 22:42 - 2016-09-25 22:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files\MSBuild
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-25 22:37 - 2016-09-25 22:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-25 22:36 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-09-25 22:36 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-25 22:36 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-09-25 22:35 - 2016-09-25 22:35 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-09-25 22:19 - 2016-10-03 02:26 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2016-09-25 22:19 - 2016-09-25 22:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-09-25 22:12 - 2016-09-25 22:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-25 22:08 - 2016-09-26 23:50 - 00000000 ____D C:\Users\ChiemMax
2016-09-25 22:08 - 2016-09-25 22:29 - 00000000 ____D C:\Users\Kao
2016-09-25 22:08 - 2016-09-25 22:28 - 00000000 ____D C:\Users\Guest
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\My Documents
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\Documents\My Videos
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\Documents\My Pictures
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Kao\Documents\My Music
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\My Documents
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\Documents\My Videos
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\Documents\My Pictures
2016-09-25 22:08 - 2016-09-25 22:08 - 00000000 _SHDL C:\Users\ChiemMax\Documents\My Music
2016-09-25 22:03 - 2016-09-25 22:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-09-25 22:03 - 2016-09-25 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-09-25 22:02 - 2016-09-25 22:13 - 00000000 ____D C:\Program Files\Intel
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\Program Files\Synaptics
2016-09-25 22:02 - 2016-09-25 22:02 - 00000000 ____D C:\Program Files\Realtek
2016-09-25 22:02 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-25 22:02 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-09-25 22:02 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-09-25 21:59 - 2016-10-03 12:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-25 21:59 - 2016-09-29 02:37 - 00342232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-25 21:59 - 2016-09-25 21:59 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-12 15:37 - 2016-09-12 15:37 - 00659552 _____ C:\Users\ChiemMax\Desktop\Typing Test.pdf
2016-09-12 15:35 - 2016-09-12 15:35 - 01581147 _____ C:\Users\ChiemMax\Desktop\Accounting Technician App.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 12:33 - 2016-04-10 17:01 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform
2016-10-03 11:20 - 2016-05-14 14:53 - 00000000 __SHD C:\Users\ChiemMax\IntelGraphicsProfiles
2016-10-03 02:26 - 2016-05-13 21:47 - 00002415 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-03 02:26 - 2016-04-16 00:17 - 00002507 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-10-03 02:26 - 2016-04-10 17:30 - 00002691 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirate Storm.lnk
2016-10-03 02:26 - 2016-04-10 17:29 - 00002768 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
2016-10-03 02:26 - 2016-04-10 17:29 - 00002724 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk
2016-10-03 02:26 - 2016-04-10 17:05 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-10-03 02:26 - 2016-04-10 17:05 - 00002230 _____ C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2016-10-03 02:26 - 2016-03-14 21:38 - 00001953 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-10-03 02:26 - 2015-11-28 21:07 - 00001770 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-10-03 02:26 - 2015-11-28 21:00 - 00001862 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-10-03 02:26 - 2015-08-14 00:16 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 02:26 - 2015-08-14 00:16 - 00002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-03 02:26 - 2015-07-07 21:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-03 02:26 - 2015-07-07 21:14 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-10-03 02:26 - 2014-09-08 21:13 - 00001285 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2016-10-03 02:26 - 2014-06-07 14:28 - 00001140 _____ C:\Users\Public\Desktop\DivX Player.lnk
2016-10-03 02:26 - 2014-06-07 14:27 - 00001165 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2016-10-03 02:26 - 2014-04-27 10:58 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-10-03 02:26 - 2014-03-03 16:45 - 00001964 _____ C:\Users\Public\Desktop\LockDown Browser.lnk
2016-10-03 02:26 - 2013-07-25 00:00 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-03 02:26 - 2013-07-25 00:00 - 00001156 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-03 02:26 - 2013-03-13 09:03 - 00002277 _____ C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
2016-10-03 02:26 - 2013-03-13 09:03 - 00001996 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-10-03 02:26 - 2013-03-13 09:03 - 00001199 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1050 J410 series.lnk
2016-10-03 02:26 - 2012-09-03 19:11 - 00001078 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
2016-10-03 02:26 - 2012-09-03 19:07 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-10-03 02:26 - 2012-09-03 19:07 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-10-03 02:26 - 2012-09-03 18:49 - 00002669 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2016-10-03 02:26 - 2012-09-03 18:47 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2016-10-03 02:26 - 2012-09-03 18:47 - 00002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Registration.lnk
2016-10-03 02:25 - 2014-11-18 19:54 - 00001135 _____ C:\Users\ChiemMax\Desktop\GoPro Studio.lnk
2016-10-03 02:25 - 2014-06-07 14:28 - 00001525 _____ C:\Users\ChiemMax\Desktop\DivX Movies.lnk
2016-10-03 02:22 - 2016-05-13 21:11 - 00961238 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-03 02:15 - 2015-08-14 01:04 - 00000091 _____ C:\HaxLogs.txt
2016-10-03 02:14 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-10-03 02:14 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-10-02 23:42 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-02 23:18 - 2013-12-26 22:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-02 23:17 - 2013-12-26 22:01 - 00000000 ____D C:\Users\ChiemMax\AppData\Roaming\Malwarebytes
2016-10-02 23:01 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-01 11:58 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-01 11:51 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-29 02:37 - 2013-07-25 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-27 11:21 - 2013-02-14 12:15 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\CrashDumps
2016-09-26 12:46 - 2013-02-11 22:13 - 00000000 ____D C:\Users\ChiemMax\AppData\Local\Packages
2016-09-26 12:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-25 22:57 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-25 22:57 - 2016-05-16 14:04 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-09-25 22:57 - 2013-02-11 21:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-25 22:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-25 22:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-25 22:53 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-25 22:52 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-25 22:52 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-25 22:50 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-25 22:49 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-25 22:45 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-25 22:45 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-25 22:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-25 22:34 - 2013-10-29 16:50 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-25 22:33 - 2016-07-16 04:47 - 00000000 __RSD C:\WINDOWS\Media
2016-09-25 22:33 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-25 22:27 - 2013-10-09 19:17 - 00902046 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-25 22:23 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-09-25 22:23 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-25 22:23 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-09-25 22:23 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-25 22:23 - 2016-04-10 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-25 22:23 - 2015-11-28 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-25 22:23 - 2015-11-28 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-09-25 22:23 - 2015-08-14 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-09-25 22:23 - 2015-08-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-09-25 22:23 - 2015-08-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-25 22:23 - 2014-12-11 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series
2016-09-25 22:23 - 2014-09-08 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-09-25 22:23 - 2014-06-07 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-09-25 22:23 - 2014-03-03 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2016-09-25 22:23 - 2014-01-20 18:54 - 00000000 ____D C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings
2016-09-25 22:23 - 2014-01-11 02:25 - 00000000 ____D C:\WINDOWS\system32\log
2016-09-25 22:23 - 2013-12-14 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-09-25 22:23 - 2013-10-29 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2016-09-25 22:23 - 2013-10-09 19:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-25 22:23 - 2013-08-20 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-25 22:23 - 2013-05-05 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-09-25 22:23 - 2013-03-13 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-09-25 22:23 - 2013-02-24 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-25 22:23 - 2012-09-23 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
2016-09-25 22:23 - 2012-09-23 22:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-09-25 22:23 - 2012-09-03 19:07 - 00000000 ____D C:\WINDOWS\en
2016-09-25 22:23 - 2012-09-03 18:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-25 22:23 - 2012-09-03 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-09-25 22:23 - 2012-09-03 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2016-09-25 22:19 - 2015-10-29 23:28 - 00000000 ____D C:\Users\Default.migrated
2016-09-25 22:15 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-25 22:15 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-09-25 22:15 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-25 22:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-09-25 22:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-09-25 22:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-09-25 22:14 - 2014-12-11 17:02 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-09-25 22:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-25 22:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-09-25 22:13 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-25 22:13 - 2014-11-18 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-09-25 22:13 - 2014-04-29 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2016-09-25 22:13 - 2012-09-03 18:45 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-09-25 22:10 - 2014-12-23 23:59 - 00000000 ____D C:\Users\Kao\AppData\Local\Packages
2016-09-25 22:09 - 2015-11-30 20:23 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2016-09-25 22:07 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-25 22:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-25 22:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-23 00:09 - 2016-07-16 08:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-22 23:58 - 2014-09-09 22:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-22 23:49 - 2013-05-05 00:14 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 10:39 - 2013-05-05 00:14 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-20 13:44 - 2013-03-01 00:03 - 00000000 ____D C:\Users\ChiemMax\Desktop\Max's stuff
2016-09-20 10:52 - 2013-02-24 22:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-15 12:42 - 2016-05-18 19:14 - 00000000 ____D C:\Users\ChiemMax\Desktop\Nikkie's stuff
2016-09-14 17:23 - 2013-08-20 00:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-14 17:23 - 2013-08-20 00:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-13 23:36 - 2013-08-14 23:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-13 23:26 - 2013-02-14 22:11 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-13 21:32 - 2015-10-30 00:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-09-13 21:32 - 2015-10-30 00:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-09-07 09:32 - 2016-07-16 04:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 09:32 - 2016-07-16 04:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-13 09:02 - 2013-03-13 09:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\ChiemMax\AppData\Local\Temp\lowproc.exe
C:\Users\ChiemMax\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-25 21:59

==================== End of FRST.txt ============================

[cchao]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by ChiemMax (03-10-2016 12:40:34)
Running from C:\Users\ChiemMax\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-26 05:50:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3173931314-375326031-4078295803-500 - Administrator - Disabled)
ChiemMax (S-1-5-21-3173931314-375326031-4078295803-1001 - Administrator - Enabled) => C:\Users\ChiemMax
DefaultAccount (S-1-5-21-3173931314-375326031-4078295803-503 - Limited - Disabled)
Guest (S-1-5-21-3173931314-375326031-4078295803-501 - Limited - Disabled) => C:\Users\Guest
Kao (S-1-5-21-3173931314-375326031-4078295803-1004 - Limited - Enabled) => C:\Users\Kao

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.58 - DivX, LLC)
Edgeworld (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: v1.1.8 - Pokki)
Edgeworld (HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: v1.1.8 - Pokki)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Goodgame Empire (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
Goodgame Empire (HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoPro Studio 2.5.3 (HKLM-x32\...\GoPro Studio) (Version: 2.5.3 - GoPro, Inc.)
Host App Service (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\SweetLabs_AP) (Version: 0.269.7.983 - Pokki)
Host App Service (HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SweetLabs_AP) (Version: 0.269.7.983 - Pokki)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pirate Storm (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.7 - Pokki)
Pirate Storm (HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.7 - Pokki)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
simplitec simplicheck (HKLM-x32\...\{1F52F36E-895D-4E01-B4D4-E23C4FA4193B}) (Version: 1.3.10.0 - simplitec GmbH)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.983 - Pokki)
Start Menu (HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SweetLabs_Start_Menu) (Version: 0.269.7.983 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.8.7 - WildTangent) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3173931314-375326031-4078295803-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3173931314-375326031-4078295803-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A16B899-E1A0-4664-84CB-4B74F683B55A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0F806BA1-F5EB-4125-BD5C-D7449598B520} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {102721B7-6556-4DFC-BAA2-FAA169CB569D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {10E4C34B-008E-46C8-AA92-FC3AA69D0A18} - \WPD\SqmUpload_S-1-5-21-3173931314-375326031-4078295803-1004 -> No File <==== ATTENTION
Task: {140AC0CE-0B51-4FCE-8B2B-7C6D16FEA64D} - System32\Tasks\RNUpgradeHelperLogonPrompt_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {156179CD-B645-45B8-A0BB-41CB4E11FABD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {1D3DB222-076A-45F8-ACED-CC59E1714E72} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3173931314-375326031-4078295803-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {1DD1B969-8EE9-41A3-8EDF-3C6F4B554B16} - System32\Tasks\ReclaimerUpdateFiles_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {2D160DC3-4325-44B0-8494-581D5D5EDBC9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-24] (Microsoft Corporation)
Task: {2D7CE78E-99B7-4080-9F78-A646A99A2B27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2E610597-DBBC-479F-A11A-9EFE28FB162F} - \WPD\SqmUpload_S-1-5-21-3173931314-375326031-4078295803-1001 -> No File <==== ATTENTION
Task: {34B05BAE-E9F6-46DA-A374-B0D3EA37027B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {385CCA66-F465-419E-9AB0-C1BD8CC0F27F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {436236C4-F599-4C6A-A24E-0F163AE59462} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {44C2997F-3662-4BC8-BB8D-E3F87546DD46} - System32\Tasks\SweetLabs App Platform => C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-09-18] (Pokki)
Task: {4ED443F9-281E-4977-BEC3-C378667A80EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-26] (Microsoft Corporation)
Task: {58AF4125-4A11-4909-BEF1-63D3F2928D9B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {5ADCA1FA-962A-481C-A609-63C4C789FC9C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6F63242D-2B55-4397-B8B9-D5D1F56387D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6F9D386D-0030-4C9B-84A8-96CD4B47A473} - System32\Tasks\RNUpgradeHelperResumePrompt_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {76BB9C74-AA84-4D08-9F8C-1BE57036D17A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {7748F5B2-7FD4-461E-8AD7-8B76527F3516} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {788542ED-5303-4B16-B824-4968980B730B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84BD0DCC-589F-43C8-8CCD-7DFABBA7A7CF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {87C57A02-095B-4857-B549-8A125556C529} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {9486A3F4-64BD-4A83-AC57-1904AA60225C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9C81902E-3CF4-419D-A0FA-55B208D6964E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BCDA08FB-27E1-4DFD-891B-442CDB9B3DD5} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {C442543D-96EF-4A8E-8F52-91B385DE8033} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {C62A74B6-DDCC-4E42-8D2E-1ED35D385303} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C62BA55E-A659-4E58-BA28-A6B85E3FF1CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-13] (Microsoft Corporation)
Task: {D0C5920B-9496-4BEC-BA36-FD0225F26414} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D27FD100-1684-423D-9204-1C041F873E6E} - System32\Tasks\ReclaimerUpdateXML_ChiemMax => C:\Users\ChiemMax\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-19] (RealNetworks, Inc.)
Task: {DAF2A3AB-96E1-4190-BEDD-4F9D11F91C7C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EB31C7FE-1DFD-4A66-AE99-F7C6D602B947} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3173931314-375326031-4078295803-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {EBDF8BA2-82D5-4260-AA37-BB9EB457C828} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F1B1564D-64DB-42EC-9507-CCF46257B3B9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {F20E20E0-247F-485E-8C53-1E94DE388FAE} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-04-13] (DivX, LLC)
Task: {F60131BF-C2F6-43ED-B03B-242F6A349FF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {FF3309A1-E815-449A-A6AF-B3AE457D10BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 22:38 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-24 15:16 - 2016-08-24 15:16 - 01864384 _____ () C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-27 22:50 - 2016-05-24 09:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-25 22:51 - 2016-09-25 22:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-09-28 09:28 - 2016-09-28 09:30 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-09-28 09:28 - 2016-09-28 09:30 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-09-28 09:28 - 2016-09-28 09:31 - 35250688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2012-12-10 04:12 - 2012-12-10 04:12 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2014-09-08 21:12 - 2014-09-08 21:12 - 00864856 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2012-09-23 21:56 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-08-24 15:16 - 2016-08-24 15:16 - 01383616 _____ () C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-24 15:16 - 2016-08-24 15:16 - 00118976 _____ () C:\Users\ChiemMax\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [150]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ChiemMax\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ChiemMax\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
HKU\S-1-5-21-3173931314-375326031-4078295803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3173931314-375326031-4078295803-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3173931314-375326031-4078295803-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90C25AFF-A40B-4810-B9AB-7F8D42E0C524}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E7C0F51-092D-4285-A5FF-D05A517D4BD0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9BA770AB-650C-4E98-83F4-52AF429C64A6}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4CE683E0-6C64-43E9-9518-5CD837A4EE22}] => (Allow) C:\Users\ChiemMax\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBA2FDAF-8A1E-4D39-B2FB-C4B7F440EB0D}] => (Allow) C:\Users\ChiemMax\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{9C0651AD-B0B1-46A5-BAD4-62E0C9E4D84C}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [UDP Query User{5BF0D994-2402-4CEC-9194-01EED48BDBD2}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [TCP Query User{1FC15E90-E1B2-44C5-93DB-E949ABB32E76}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [UDP Query User{0B463137-DCC8-4973-AE01-6716862606B2}C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe] => (Block) C:\users\chiemmax\appdata\roaming\bittorrent\updates\7.9.0_30612.exe
FirewallRules: [{C306D245-DBF3-4942-92F7-CA55D39747AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAE5F26D-BEA4-4CE0-A15C-E9FA57A8A3E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{277E7CF2-8E82-4FA8-AF00-ED6EAAFEA5AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB124B39-31BB-44F4-BA2A-EDA0E1259062}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86882D68-CE29-404D-93A6-9017670FEF32}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{7AE9C0F6-F6F8-487F-8AA8-BD03E79D9A99}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{3BF3A90A-AE27-4746-B99A-5EDA2F7DC6AE}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{5C587D88-F907-47F9-9787-8DB690543FB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD3922BE-99B1-4F30-8401-347ABEC16CB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{83483C1A-34FB-4829-BA90-3044F093D1F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8CAC6E77-3DDC-4CE3-998D-34B7F8E6F01C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0D1F52A6-F07E-493E-956F-9DEAF21BF8C3}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D5E9DCCE-C9F2-404A-BE24-5F4EE463D7EB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{2678EFDE-487B-4203-9700-7616318AC260}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{558B0FAE-276E-45EF-A049-CEB2CF18130F}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [{9CDD2227-F49F-4268-8D78-244F790CC062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57C7D6D7-197A-419E-AA71-8D7BF421BF89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9BE59FFB-70B0-4B9E-A432-90B357711208}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB882AA0-16F1-46DC-B421-BDDED1A8FAD4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B253286F-9C7C-473A-9E36-B34B579E7A13}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA5CD53E-CD54-48DE-94A4-BC8B78710652}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FABC2212-07E8-4C6F-BF88-37DEAF0404E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

26-09-2016 12:57:20 Windows Update
02-10-2016 23:09:09 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: MATSHITA DVD-RAM UJ8C0
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2016 11:23:14 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/03/2016 02:21:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 02:21:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 02:21:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 02:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 02:18:19 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/02/2016 11:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/02/2016 11:07:26 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/01/2016 12:18:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/01/2016 12:18:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (10/03/2016 11:28:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/03/2016 11:23:37 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (10/03/2016 11:20:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/03/2016 02:21:43 AM) (Source: DCOM) (EventID: 10010) (User: MAX)
Description: The server App.AppX85gcbw533amccd2rr8qswxymhfj649t2.mca did not register with DCOM within the required timeout.

Error: (10/03/2016 02:19:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (10/03/2016 02:17:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/03/2016 02:17:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (10/03/2016 02:16:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/02/2016 11:23:51 PM) (Source: DCOM) (EventID: 10016) (User: MAX)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Max\ChiemMax SID (S-1-5-21-3173931314-375326031-4078295803-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/02/2016 11:08:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2016-10-03 11:23:46.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-03 11:23:46.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:43.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:43.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:43.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:29.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:29.691
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:28.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:28.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 12:08:27.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 6028.22 MB
Available physical RAM: 2113.19 MB
Total Virtual: 7692.22 MB
Available Virtual: 3463.67 MB

==================== Drives ================================

Drive c: (TI10653400C) (Fixed) (Total:584.89 GB) (Free:402.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

[B-boy/StyLe/]

Hello,

Please download the following file => fixlist.txt and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Regards,
Georgi

[cchao]

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by ChiemMax (03-10-2016 14:27:14) Run:1
Running from C:\Users\ChiemMax\Desktop
Loaded Profiles: ChiemMax (Available Profiles: ChiemMax & Kao & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: UniDeals -> {2057ff9a-aa1e-4e04-b371-79f0118c986a} -> C:\Program Files (x86)\UniDeals\OeANTqt79FLsuz.x64.dll => No File
C:\Program Files (x86)\UniDeals
BHO: youtubeadblocker -> {78f2079a-7049-47b3-897f-9fbc294bb718} -> C:\Program Files (x86)\youtubeadblocker\TkEZdF7pfyfwBS.x64.dll => No File
C:\Program Files (x86)\youtubeadblocker
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\660636837.js [2016-09-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\660636837.cfg [2016-09-26] <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR HKLM-x32\...\Chrome\Extension: [fceceljfbadldniaddpngjefflokdoea] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9916\ch\WebexpEnhancedV1alpha9916.crx <not found>
2016-09-26 14:22 - 2016-09-26 14:22 - 00000000 ____D C:\ProgramData\Webitar Production Inc
Unlock: HKLM\SOFTWARE\Wow6432Node\Webitar Production Inc.
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Webitar Production Inc.
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [150]
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2057ff9a-aa1e-4e04-b371-79f0118c986a}" => key removed successfully
"HKCR\CLSID\{2057ff9a-aa1e-4e04-b371-79f0118c986a}" => key removed successfully
"C:\Program Files (x86)\UniDeals" => not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f2079a-7049-47b3-897f-9fbc294bb718}" => key removed successfully
"HKCR\CLSID\{78f2079a-7049-47b3-897f-9fbc294bb718}" => key removed successfully
"C:\Program Files (x86)\youtubeadblocker" => not found.
C:\Program Files (x86)\mozilla firefox\defaults\pref\660636837.js => moved successfully
C:\Program Files (x86)\mozilla firefox\660636837.cfg => moved successfully
C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fceceljfbadldniaddpngjefflokdoea" => key removed successfully
C:\ProgramData\Webitar Production Inc => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Webitar Production Inc." => key was unlocked
HKLM\SOFTWARE\Wow6432Node\Webitar Production Inc. => key removed successfully
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3173931314-375326031-4078295803-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56773763 B
Java, Flash, Steam htmlcache => 3750 B
Windows/system/drivers => 16299609 B
Edge => 2589783 B
Chrome => 275140830 B
Firefox => 383222630 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 323675 B
NetworkService => 220196 B
ChiemMax => 112876193 B
Kao => 31712 B
Guest => 9470 B

RecycleBin => 0 B
EmptyTemp: => 808.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:28:06 ====

[B-boy/StyLe/]

Hello,

Nice work!

Let's check for malware remnants:

 

STEP 1

 

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin to scan your computer.
• After the scan has finished click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

STEP 2

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

STEP 3

 

Please download ZHPCleaner (by NicolasCoolman) to your desktop.

• Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
• Please click the button.
• Then press the button.
• During the scan any open instances of the browsers will be closed automatically.
• A logfile will automatically open after the scan has finished.
• Please post the contents of that logfile with your next reply.

 

That's it for now.

 

Regards,
Georgi

[cchao]

# AdwCleaner v6.020 - Logfile created 03/10/2016 at 15:36:36
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-01.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : ChiemMax - MAX
# Running from : C:\Users\ChiemMax\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\{bd5801c3-58d5-785d-bd58-801c358d070d}
[-] Folder deleted: C:\Users\ChiemMax\AppData\Local\pokki
[#] Folder deleted on reboot: C:\Users\ChiemMax\AppData\Local\SweetLabs App Platform
[#] Folder deleted on reboot: C:\Users\ChiemMax\AppData\Local\Pokki
[-] Folder deleted: C:\Users\ChiemMax\AppData\LocalLow\Toolbar4
[-] Folder deleted: C:\Users\ChiemMax\AppData\Roaming\catalina – print savings
[-] Folder deleted: C:\Users\ChiemMax\AppData\Roaming\eCyber
[-] Folder deleted: C:\Users\ChiemMax\AppData\Roaming\iSafe
[-] Folder deleted: C:\Users\ChiemMax\AppData\Roaming\pccustubinstaller
[-] Folder deleted: C:\Users\ChiemMax\AppData\Roaming\RHEng
[-] Folder deleted: C:\Users\ChiemMax\Favorites\StumbleUpon
[-] Folder deleted: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
[-] Folder deleted: C:\Users\Kao\Favorites\StumbleUpon
[-] Folder deleted: C:\Users\Guest\Favorites\StumbleUpon
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\Coupons

***** [ Files ] *****

[-] File deleted: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
[-] File deleted: C:\Users\ChiemMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Pokki
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\V9
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\WEBAPP
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Pokki
[#] Key deleted on reboot: HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: HKCU\Software\V9
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[-] Key deleted: HKLM\SOFTWARE\Better-Surf
[-] Key deleted: HKLM\SOFTWARE\iSafe
[-] Key deleted: HKLM\SOFTWARE\Pokki
[-] Key deleted: HKLM\SOFTWARE\Webexp Enhanced
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Pokki
[#] Key deleted on reboot: [x64] HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: [x64] HKCU\Software\V9
[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9
[-] Data restored: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Value deleted: HKU\S-1-5-21-3173931314-375326031-4078295803-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

***** [ Web browsers ] *****

[-] [C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: homepage-web.com
[-] [C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://homepage-web.com/?s=toshibaupd&m=start
[-] [C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ChiemMax\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Kao\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Kao\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10006 Bytes] - [03/10/2016 15:36:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [9717 Bytes] - [03/10/2016 15:32:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10153 Bytes] ##########

 

[cchao]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 10 Home x64
Ran by ChiemMax (Administrator) on Mon 10/03/2016 at 15:46:52.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 1

Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{25A670C9-D00F-49EC-978F-E37C2C7EB4B2} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/03/2016 at 15:49:57.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[cchao]

~ ZHPCleaner v2016.10.3.155 by Nicolas Coolman (2016/10/03)
~ Run by ChiemMax (Administrator)  (03/10/2016 15:54:04)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\ChiemMax\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ChiemMax\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 14393)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (21)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (13)
FOUND file: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi    =>.Superfluous.Empty
FOUND file: C:\Windows\Installer\wix{787136D2-F0F8-4625-AA3F-72D7795AC842}.SchedServiceConfig.rmi    =>.Superfluous.Empty
FOUND file: C:\Windows\Installer\wix{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}.SchedServiceConfig.rmi    =>.Superfluous.Empty
FOUND file: C:\Windows\Installer\wix{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}.SchedServiceConfig.rmi    =>.Superfluous.Empty
FOUND folder: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
FOUND folder: C:\WINDOWS\Installer\MSI6F23.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSI76C5.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSI7F30.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSI81E1.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSIA56B.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSIB3D0.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSIB6EE.tmp-  =>.Superfluous.Empty
FOUND folder: C:\WINDOWS\Installer\MSIB700.tmp-  =>.Superfluous.Empty

---\\  Registry ( Key, Value, Data) (9)
FOUND value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime
FOUND key: [X64] HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1 [cpbrkpie Control]  =>PUP.Optional.CouponBar
FOUND key: [X64] HKLM\SOFTWARE\Classes\P78f2079a_7049_47b3_897f_9fbc294bb718_.P78f2079a_7049_47b3_897f_9fbc294bb718_ [youtubeadblocker]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\P78f2079a_7049_47b3_897f_9fbc294bb718_.P78f2079a_7049_47b3_897f_9fbc294bb718_.9 [youtubeadblocker]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl [CustomInternetSecurityImpl Class]  =>PUP.Optional.BestToolbars
FOUND key: [X64] HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 [CustomInternetSecurityImpl Class]  =>PUP.Optional.BestToolbars
FOUND key: [X64] HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager [SearchProviderManager Class]  =>PUP.Optional.BestToolbars
FOUND key: [X64] HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1 [SearchProviderManager Class]  =>PUP.Optional.BestToolbars
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect

---\\  Summary of the elements found (6)
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/pup-couponbar/ =>PUP.Optional.CouponBar
https://www.anti-malware.top/2016/04/28/pup-optional-multiplug/ =>PUP.Optional.Multiplug
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BestToolbars
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect

---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 90180
~ Items found : 22
~ Items cancelled : 0
~ Items repaired : 0

~ End of search in 00h05mn05s
~====================
ZHPCleaner--03102016-15_59_09.txt