
Inactive Maltule.C trojan

Discussion in 'Malware and Virus Removal' started by psaulm119, 2016/06/03.

  1. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Not sure if I'm infected or not. If not, all is well, but I'd like someone here to tell me. I have pasted the two Farbar Recovery files at the bottom of this post. First, some background.

    Windows Defender today claimed it found the Maltule.C trojan in the uninstall directory of Moo disk cleaner, a cleanup utility I've used for several years on at least 2 laptops, including this one. I'm suspecting that this is a false positive, but I'd like to know.

    WDefender has quarantined the file. I'd delete it, but I didn't know if anyone would want to get a sample of the file (or whatever). I'm not offering to spread a trojan around.

    Anyways, I installed this program on March 11; WinDef claims to have found it on May 30. This isn't inspiring a lot of confidence in Windows Defender, as you might imagine. On the other hand, if this is a false positive, all is well.

    I did a scan with Malwarebytes as well, but it found nothing.

    Here are my two farbar files:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
    Ran by Paul (administrator) on DESKTOP-GFO74CP (03-06-2016 18:29:40)
    Running from C:\Users\Paul\Desktop
    Loaded Profiles: Paul (Available Profiles: Paul)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Program Files\Nightly\firefox.exe" -osint -url "%1 ")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
    (HP) C:\Windows\System32\HPSIsvc.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (RaMMicHaeL) C:\Users\Paul\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
    (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
    () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\stritz.exe
    (The Document Foundation) C:\Program Files (x86)\LibreOfficeDev 5\program\swriter.exe
    (The Document Foundation) C:\Program Files (x86)\LibreOfficeDev 5\program\soffice.exe
    (The Document Foundation) C:\Program Files (x86)\LibreOfficeDev 5\program\soffice.bin
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
    (Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\Paul\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-12-04] (RaMMicHaeL)
    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Run: [AllMyNotes] => C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe [3243120 2015-07-29] (Vladonai Software (hxxp://www.vladonai.com))
    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\MountPoints2: {bb514bf4-e167-11e5-9ce4-c48e8fa7dd58} - "F:\SISetup.exe "
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-30]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 71.10.216.1
    Tcpip\..\Interfaces\{e76819d1-c424-43e0-83c6-993b554207e3}: [DhcpNameServer] 208.67.222.222 208.67.220.220 71.10.216.1

    Internet Explorer:
    ==================
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-15] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-15] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-15] (Microsoft Corporation)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-15] (Microsoft Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
    Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default
    FF Homepage: about:home
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-15] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-15] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin HKU\S-1-5-21-3409797038-3744183562-1095253496-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
    FF Extension: Clearly - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\extensions\readable@evernote.com.xpi [2016-03-03]
    FF Extension: RC Print - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\extensions\{0bb519bc-bca6-45af-82a6-c982f237acc7}.xpi [2016-04-28]
    FF Extension: Restart My Fox - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\extensions\Restart-My-Fox@8pecxstudios.com.xpi [2016-06-01]
    FF Extension: Paywall Pass - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\@paywall-pass.xpi [2016-04-27]
    FF Extension: Test Pilot - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\@testpilot-addon.xpi [2016-05-25]
    FF Extension: Bookmark Autohider - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\bookmarkhider@exi.name.xpi [2016-04-27]
    FF Extension: Chrome Store Foxified - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\Chrome-Store-Foxified@jetpack.xpi [2016-06-03]
    FF Extension: Click to Play per-element - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2016-03-01]
    FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\elemhidehelper@adblockplus.org.xpi [2016-05-15]
    FF Extension: Focus Keyboard - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\focusKeyboard@addons.mozilla.org.xpi [2016-04-27]
    FF Extension: User-Agent Switcher - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\jid1-kyxEAcWua7BEKq@jetpack.xpi [2016-05-05]
    FF Extension: New Tab Override (browser.newtab.url replacement) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\newtaboverride@agenedia.com.xpi [2016-03-04]
    FF Extension: New Tab Tools - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\newtabtools@darktrojan.net.xpi [2016-05-21]
    FF Extension: Tab Center - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\tabcentertest1@mozilla.com.xpi [2016-05-27]
    FF Extension: Beyond Australis - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\thefoxonlybetter@quicksaver.xpi [2016-06-01]
    FF Extension: uBlock Origin - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-25]
    FF Extension: PrefBar - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2016-04-27]
    FF Extension: Simple bookmarks menu - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\{8e1651be-1f0f-469e-baaa-003bf71d973c}.xpi [2016-03-04]
    FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-26]
    FF Extension: User Agent Switcher - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\49ls881p.dev-edition-default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-27]
    FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

    Opera:
    =======
    StartMenuInternet: (HKLM) Operabeta - C:\Program Files (x86)\Opera beta\Launcher.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [102224 2015-10-26] (Alps Electric Co., Ltd.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911472 2016-05-15] (Microsoft Corporation)
    R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [84224 2015-08-22] (Advanced Micro Devices, Inc.)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [624456 2015-07-07] (Realtek Semiconductor Corporation)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3096856 2015-12-11] (Realtek Semiconductor Corp.)
    R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )
    S3 tpflhlp; C:\Drivers\Flash\htuj46ww\tpflhlp.sys [18232 2014-04-04] (Lenovo Group Limited)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)






    OK it looks like post is too big. I'll split up the files.
     
  2. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-03 18:29 - 2016-06-03 18:29 - 02384384 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
    2016-06-03 18:29 - 2016-06-03 18:29 - 00017001 _____ C:\Users\Paul\Desktop\FRST.txt
    2016-06-03 18:29 - 2016-06-03 18:29 - 00000000 ____D C:\FRST
    2016-06-03 18:09 - 2016-06-03 18:10 - 00011500 _____ C:\Users\Paul\Desktop\Malware.odt
    2016-06-03 18:09 - 2016-06-03 18:10 - 00000110 ____H C:\Users\Paul\Desktop\.~lock.Malware.odt#
    2016-06-03 06:38 - 2016-06-03 06:38 - 00000000 ____D C:\Program Files\Nightly
    2016-06-02 19:04 - 2016-06-02 19:04 - 00140188 _____ C:\Users\Paul\Desktop\CleopatraCleopatra.pdf
    2016-06-02 07:47 - 2016-06-02 21:41 - 00013882 _____ C:\Users\Paul\Desktop\Parking.odt
    2016-06-01 18:18 - 2016-06-01 18:18 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
    2016-06-01 17:24 - 2016-06-01 17:24 - 00081666 _____ C:\Users\Paul\Desktop\James Hill, Railroad Baron & Entrepreneur.pdf
    2016-06-01 17:11 - 2016-06-01 17:11 - 00108050 _____ C:\Users\Paul\Desktop\Socialist Self Deception.pdf
    2016-06-01 16:15 - 2016-06-01 16:15 - 00549477 _____ C:\Users\Paul\Desktop\Thermo-Fisher_Evaluating-the-Chemistry_White-Paper.pdf
    2016-06-01 12:55 - 2016-06-01 12:55 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOfficeDev 5.2
    2016-06-01 12:54 - 2016-06-01 12:55 - 00000000 ____D C:\Program Files (x86)\LibreOfficeDev 5
    2016-06-01 06:54 - 2016-06-03 06:32 - 00000000 ____D C:\Users\Paul\Desktop\Finals
    2016-05-30 10:20 - 2016-05-30 10:20 - 00001185 _____ C:\Users\Paul\Desktop\historynot.pdf - Shortcut.lnk
    2016-05-29 19:17 - 2016-05-29 19:18 - 03780535 _____ C:\Users\Paul\Desktop\lenovo_n22_hmm_201602.pdf
    2016-05-29 14:24 - 2016-06-03 07:35 - 00000000 ____D C:\Users\Paul\AppData\Local\CutePDF Writer
    2016-05-29 14:24 - 2016-05-29 14:24 - 00000000 ____D C:\Program Files (x86)\GPLGS
    2016-05-29 14:23 - 2016-05-29 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
    2016-05-29 14:23 - 2016-05-29 14:23 - 00000000 ____D C:\Program Files (x86)\Acro Software
    2016-05-29 14:23 - 2016-01-22 16:57 - 00089008 _____ C:\WINDOWS\system32\cpwmon64.dll
    2016-05-29 12:28 - 2016-05-29 12:29 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
    2016-05-29 12:17 - 2016-05-29 12:17 - 00008735 _____ C:\Users\Paul\Desktop\Piano Songs.odt
    2016-05-29 06:11 - 2016-05-29 06:11 - 00241080 ____T C:\Users\Paul\Desktop\Oil Filter Effectiveness Studies.pdf
    2016-05-29 05:58 - 2016-05-29 05:58 - 00823457 _____ C:\Users\Paul\Desktop\Form327.pdf
    2016-05-28 12:23 - 2016-05-28 12:23 - 00970912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120.dll
    2016-05-28 12:23 - 2016-05-28 12:23 - 00455328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120.dll
    2016-05-28 12:23 - 2016-05-28 12:23 - 00247984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib120.dll
    2016-05-28 07:57 - 2016-05-28 14:52 - 00019609 _____ C:\Users\Paul\Desktop\Laptop or Desktop.odt
    2016-05-27 12:35 - 2016-05-27 12:35 - 04678898 ____T C:\Users\Paul\Desktop\Liberal California Refuses John Wayne Day but Honors Leftists.pdf
    2016-05-27 12:32 - 2016-05-27 12:32 - 00241133 ____T C:\Users\Paul\Desktop\Is Just War Obsolete.pdf
    2016-05-26 20:56 - 2016-05-27 08:18 - 00002933 _____ C:\WINDOWS\system32\Drivers\etc\HOSTS.FL
    2016-05-26 18:59 - 2016-05-26 18:59 - 00388020 ____T C:\Users\Paul\Desktop\Women Are Misogynistic Online Twice as Often as Men.pdf
    2016-05-26 18:30 - 2016-05-26 18:30 - 00196408 ____T C:\Users\Paul\Desktop\Beyond Ancient Hatreds.pdf
    2016-05-26 14:25 - 2016-05-28 14:02 - 00014802 _____ C:\Users\Paul\Desktop\Adblocker Comparison.odt
    2016-05-26 13:36 - 2016-05-26 13:36 - 00827475 ____T C:\Users\Paul\Desktop\Hosts File Windows 10.pdf
    2016-05-25 16:45 - 2016-05-25 16:45 - 00118153 ____T C:\Users\Paul\Desktop\Time Magazine Hypocrisy on Whistleblowers.pdf
    2016-05-25 16:43 - 2016-05-25 16:43 - 00300296 ____T C:\Users\Paul\Desktop\North. Reagan Knew.pdf
    2016-05-25 09:33 - 2016-05-25 09:33 - 00031151 _____ C:\Users\Paul\Desktop\ENGINE_COOLANT_COLOR_CHANGE_T-PG010-02.pdf
    2016-05-25 09:10 - 2016-05-25 09:10 - 00151282 ____T C:\Users\Paul\Desktop\Adidas Robot Factory in Germany.pdf
    2016-05-24 21:02 - 2016-06-03 18:06 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\Mozilla
    2016-05-24 20:16 - 2016-05-24 20:16 - 00430503 _____ C:\Users\Paul\Desktop\Statement.pdf
    2016-05-24 16:17 - 2016-05-24 16:17 - 00284528 _____ C:\Users\Paul\Desktop\2016 Summer Schedule Request.pdf
    2016-05-24 14:32 - 2016-05-24 14:33 - 11515714 _____ C:\Users\Paul\Desktop\Mean.pdf
    2016-05-24 12:25 - 2016-05-24 12:25 - 00007405 _____ C:\Users\Paul\Desktop\Katherine Exam, Ishamel Works Cited.odt
    2016-05-24 07:51 - 2016-05-24 07:51 - 00000376 _____ C:\WINDOWS\ODBC.INI
    2016-05-24 07:50 - 2016-05-24 07:50 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-05-24 07:50 - 2016-05-24 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-05-24 07:50 - 2016-05-24 07:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
    2016-05-24 07:48 - 2016-05-24 07:48 - 00000000 __RHD C:\MSOCache
    2016-05-24 06:58 - 2016-05-24 06:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\LibreOfficeDev
    2016-05-23 00:19 - 2016-05-23 00:19 - 00002252 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Brave.lnk
    2016-05-21 07:58 - 2016-05-21 07:58 - 00535322 _____ C:\Users\Paul\Desktop\Molybdenum 3%.pdf
    2016-05-21 07:52 - 2016-05-21 07:52 - 00542733 _____ C:\Users\Paul\Downloads\2399-7266-1-PB.pdf
    2016-05-21 06:00 - 2016-05-21 06:00 - 00727348 _____ C:\Users\Paul\Downloads\XPFlyer.pdf
    2016-05-20 15:06 - 2016-05-20 15:33 - 00010450 _____ C:\Users\Paul\Desktop\Quiz CHANGES.odt
    2016-05-20 08:42 - 2016-05-20 08:42 - 00443045 ____T C:\Users\Paul\Desktop\Importance of Dirt Holding Capacity in Oil Filters.pdf
    2016-05-20 07:50 - 2016-05-20 07:50 - 00528463 ____T C:\Users\Paul\Desktop\Louisiana Purchase as a Percentage of the Cost of Napoleonic Wars.pdf
    2016-05-20 07:36 - 2016-05-20 07:36 - 00028831 _____ C:\Users\Paul\Desktop\ideapad_310_15_inch_Platform_Specifications.pdf
    2016-05-20 06:10 - 2016-05-20 06:10 - 00428656 ____T C:\Users\Paul\Desktop\90 Percent American Indians Not Bothered by Redskins Name.pdf
    2016-05-19 18:29 - 2016-05-19 18:29 - 00007405 _____ C:\Users\Paul\Desktop\Clean up test templates.odt
    2016-05-18 21:27 - 2016-05-18 21:27 - 00619638 ____T C:\Users\Paul\Desktop\Justifying the Cost of Excluding a Gram of Dirt.pdf
    2016-05-18 01:36 - 2016-05-18 01:36 - 00000000 ____D C:\Users\Paul\Desktop\Contemporary Populism
    2016-05-18 01:24 - 2016-05-18 03:19 - 00032743 _____ C:\Users\Paul\Desktop\Bolivia.odt
    2016-05-16 20:48 - 2016-05-16 20:48 - 00009686 _____ C:\Users\Paul\Desktop\Youth Camp July Church.odt
    2016-05-16 07:26 - 2016-05-16 07:26 - 00016754 _____ C:\Users\Paul\Desktop\Pope Pius & Holy League Against Turks.odt
    2016-05-15 15:46 - 2016-05-15 15:46 - 00009236 _____ C:\Users\Paul\Desktop\Water Bucket.odt
    2016-05-15 07:30 - 2016-05-15 07:30 - 00000000 ____D C:\Users\Paul\Desktop\Federalism New Map for America
    2016-05-15 06:20 - 2016-05-15 06:20 - 00858913 ____T C:\Users\Paul\Desktop\Mine of San Albino.pdf
    2016-05-13 22:14 - 2016-05-13 22:14 - 21886378 _____ C:\Users\Paul\Desktop\Cheap and quick DIY car ramps from wood boards when working on your car.mp4
    2016-05-13 20:00 - 2016-05-13 20:00 - 00444301 _____ C:\Users\Paul\Desktop\Mastadons in North America Killed 14,500 Years Ago.pdf
    2016-05-13 03:42 - 2016-05-13 03:42 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tools
    2016-05-12 18:37 - 2016-05-12 18:37 - 00007405 _____ C:\Users\Paul\Desktop\Neitzhe change to Clallicles Gorgia.odt
    2016-05-11 08:42 - 2016-04-22 21:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-05-11 08:42 - 2016-04-22 21:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-11 08:42 - 2016-04-22 21:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-05-11 08:42 - 2016-04-22 21:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-05-11 08:42 - 2016-04-22 21:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-05-11 08:42 - 2016-04-22 21:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-05-11 08:42 - 2016-04-22 21:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-05-11 08:42 - 2016-04-22 21:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-11 08:42 - 2016-04-22 21:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-05-11 08:42 - 2016-04-22 21:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-05-11 08:42 - 2016-04-22 21:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-05-11 08:42 - 2016-04-22 21:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-05-11 08:42 - 2016-04-22 21:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-05-11 08:42 - 2016-04-22 21:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-05-11 08:42 - 2016-04-22 21:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-05-11 08:42 - 2016-04-22 21:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-05-11 08:42 - 2016-04-22 21:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-05-11 08:42 - 2016-04-22 21:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-05-11 08:42 - 2016-04-22 21:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-05-11 08:42 - 2016-04-22 21:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-05-11 08:42 - 2016-04-22 21:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-05-11 08:42 - 2016-04-22 21:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-05-11 08:41 - 2016-05-05 21:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-11 08:41 - 2016-05-05 21:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-11 08:41 - 2016-05-05 20:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-11 08:41 - 2016-05-05 20:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-11 08:41 - 2016-05-05 20:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-11 08:41 - 2016-05-05 20:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-05-11 08:41 - 2016-04-29 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-05-11 08:41 - 2016-04-29 23:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-05-11 08:41 - 2016-04-22 23:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-05-11 08:41 - 2016-04-22 23:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-05-11 08:41 - 2016-04-22 23:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-11 08:41 - 2016-04-22 23:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-05-11 08:41 - 2016-04-22 23:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-05-11 08:41 - 2016-04-22 23:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-11 08:41 - 2016-04-22 23:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-05-11 08:41 - 2016-04-22 23:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-05-11 08:41 - 2016-04-22 22:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-05-11 08:41 - 2016-04-22 22:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-05-11 08:41 - 2016-04-22 22:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-05-11 08:41 - 2016-04-22 22:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-05-11 08:41 - 2016-04-22 22:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-11 08:41 - 2016-04-22 22:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-11 08:41 - 2016-04-22 22:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-11 08:41 - 2016-04-22 22:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-11 08:41 - 2016-04-22 22:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-05-11 08:41 - 2016-04-22 22:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-05-11 08:41 - 2016-04-22 22:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-05-11 08:41 - 2016-04-22 22:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-11 08:41 - 2016-04-22 22:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-11 08:41 - 2016-04-22 22:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-11 08:41 - 2016-04-22 22:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-11 08:41 - 2016-04-22 22:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-05-11 08:41 - 2016-04-22 22:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-05-11 08:41 - 2016-04-22 22:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-05-11 08:41 - 2016-04-22 22:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-05-11 08:41 - 2016-04-22 22:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-05-11 08:41 - 2016-04-22 22:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-05-11 08:41 - 2016-04-22 22:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-05-11 08:41 - 2016-04-22 22:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-05-11 08:41 - 2016-04-22 22:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-11 08:41 - 2016-04-22 22:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-05-11 08:41 - 2016-04-22 22:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-05-11 08:41 - 2016-04-22 22:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-11 08:41 - 2016-04-22 22:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-05-11 08:41 - 2016-04-22 22:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-11 08:41 - 2016-04-22 22:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-11 08:41 - 2016-04-22 22:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-05-11 08:41 - 2016-04-22 22:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-11 08:41 - 2016-04-22 22:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-05-11 08:41 - 2016-04-22 22:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-05-11 08:41 - 2016-04-22 22:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-05-11 08:41 - 2016-04-22 22:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-11 08:41 - 2016-04-22 22:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-05-11 08:41 - 2016-04-22 22:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-05-11 08:41 - 2016-04-22 22:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-05-11 08:41 - 2016-04-22 22:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-11 08:41 - 2016-04-22 22:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-11 08:41 - 2016-04-22 22:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-05-11 08:41 - 2016-04-22 21:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-11 08:41 - 2016-04-22 21:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-05-11 08:41 - 2016-04-22 21:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-05-11 08:41 - 2016-04-22 21:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-11 08:41 - 2016-04-22 21:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-05-11 08:41 - 2016-04-22 21:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-05-11 08:41 - 2016-04-22 21:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-05-11 08:41 - 2016-04-22 21:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-05-11 08:41 - 2016-04-22 21:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-05-11 08:41 - 2016-04-22 21:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-11 08:41 - 2016-04-22 21:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-05-11 08:41 - 2016-04-22 21:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-11 08:41 - 2016-04-22 21:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-05-11 08:41 - 2016-04-22 21:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-11 08:41 - 2016-04-22 21:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-11 08:41 - 2016-04-22 21:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-11 08:41 - 2016-04-22 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-11 08:41 - 2016-04-22 21:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-11 08:41 - 2016-04-22 21:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-11 08:41 - 2016-04-22 21:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-11 08:41 - 2016-04-22 21:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-11 08:41 - 2016-04-22 21:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-05-11 08:41 - 2016-04-22 21:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-05-11 08:41 - 2016-04-22 21:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-11 08:41 - 2016-04-22 21:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-05-11 08:41 - 2016-04-22 21:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-05-11 08:41 - 2016-04-22 21:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-11 08:41 - 2016-04-22 21:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-05-11 08:41 - 2016-04-22 21:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-05-11 08:41 - 2016-04-22 21:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-11 08:41 - 2016-04-22 21:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-11 08:41 - 2016-04-22 21:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-05-11 08:41 - 2016-04-22 21:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-11 08:41 - 2016-04-22 21:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-11 08:41 - 2016-04-22 21:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-11 08:41 - 2016-04-22 21:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-11 08:41 - 2016-04-22 21:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-11 08:41 - 2016-04-22 21:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-05-11 08:41 - 2016-04-22 21:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-11 08:41 - 2016-04-22 21:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-11 08:41 - 2016-04-22 21:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-05-11 08:41 - 2016-04-22 21:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-11 08:41 - 2016-04-22 21:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-11 08:41 - 2016-04-22 21:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-05-11 08:41 - 2016-04-22 21:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-05-11 08:41 - 2016-04-22 21:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-05-11 08:41 - 2016-04-22 21:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-05-11 08:41 - 2016-04-22 21:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-05-11 08:41 - 2016-04-22 21:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-05-11 08:41 - 2016-04-22 21:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-05-11 08:41 - 2016-04-22 21:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-05-11 08:41 - 2016-04-22 21:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-05-11 08:41 - 2016-04-22 21:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-05-11 08:41 - 2016-04-22 21:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-05-11 08:41 - 2016-04-22 21:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-05-11 08:41 - 2016-04-22 21:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-05-11 08:41 - 2016-04-22 21:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-11 08:41 - 2016-04-22 21:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-05-11 08:41 - 2016-04-22 21:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-11 08:41 - 2016-04-22 21:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-05-11 08:41 - 2016-04-22 21:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-05-11 08:41 - 2016-04-22 21:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-11 08:41 - 2016-04-22 21:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-05-11 08:41 - 2016-04-22 21:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-11 08:41 - 2016-04-22 21:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-05-11 08:41 - 2016-04-22 21:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-05-11 08:41 - 2016-04-22 21:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-05-11 08:41 - 2016-04-22 21:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-05-11 08:41 - 2016-04-22 21:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-05-11 08:41 - 2016-04-22 21:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-05-11 08:41 - 2016-04-22 21:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-05-11 08:41 - 2016-04-22 21:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-05-11 08:41 - 2016-04-22 21:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-05-11 08:41 - 2016-04-22 21:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-11 08:41 - 2016-04-22 21:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-11 08:41 - 2016-04-22 21:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-05-11 08:41 - 2016-04-22 21:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-11 08:41 - 2016-04-22 20:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-05-11 08:41 - 2016-04-22 19:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-11 08:40 - 2016-05-05 21:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-05-11 08:40 - 2016-05-05 20:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-11 08:40 - 2016-04-22 22:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-11 08:40 - 2016-04-22 22:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-11 08:40 - 2016-04-22 22:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-11 08:40 - 2016-04-22 22:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-05-11 08:40 - 2016-04-22 22:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-05-11 08:40 - 2016-04-22 22:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-05-11 08:40 - 2016-04-22 22:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-05-11 08:40 - 2016-04-22 22:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-11 08:40 - 2016-04-22 22:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-05-11 08:40 - 2016-04-22 22:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-05-11 08:40 - 2016-04-22 22:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-11 08:40 - 2016-04-22 22:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-05-11 08:40 - 2016-04-22 22:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-11 08:40 - 2016-04-22 21:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-11 08:40 - 2016-04-22 21:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-11 08:40 - 2016-04-22 21:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-11 08:40 - 2016-04-22 21:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-11 08:40 - 2016-04-22 21:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-11 08:40 - 2016-04-22 21:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-11 08:40 - 2016-04-22 21:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-11 08:40 - 2016-04-22 21:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-11 08:40 - 2016-04-22 21:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2016-05-11 08:40 - 2016-04-22 21:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-05-11 08:40 - 2016-04-22 21:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-11 08:40 - 2016-04-22 21:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-11 08:40 - 2016-04-22 21:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2016-05-11 08:40 - 2016-04-22 21:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
    2016-05-11 08:40 - 2016-04-22 21:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-05-11 08:40 - 2016-04-22 21:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-11 08:40 - 2016-04-22 21:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-11 08:40 - 2016-04-22 21:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-05-11 08:40 - 2016-04-22 21:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2016-05-11 08:40 - 2016-04-22 21:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-05-11 08:40 - 2016-04-22 21:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2016-05-11 08:40 - 2016-04-22 21:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-11 08:40 - 2016-04-22 21:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-05-11 08:40 - 2016-04-22 21:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-05-11 08:40 - 2016-04-22 21:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-05-11 08:40 - 2016-04-22 21:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-05-11 08:40 - 2016-04-22 21:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-11 08:40 - 2016-04-22 21:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-11 08:40 - 2016-04-22 21:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-05-11 08:40 - 2016-04-22 21:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-05-11 08:40 - 2016-04-22 21:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2016-05-11 08:40 - 2016-04-22 21:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
    2016-05-11 08:40 - 2016-04-22 21:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-11 08:40 - 2016-04-22 21:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-05-11 08:40 - 2016-04-22 21:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2016-05-11 08:40 - 2016-04-22 21:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2016-05-11 08:40 - 2016-04-22 21:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-05-11 08:40 - 2016-04-22 21:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-05-11 08:40 - 2016-04-22 21:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-05-11 08:40 - 2016-04-22 19:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-11 08:40 - 2016-04-18 15:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
    2016-05-09 08:49 - 2016-05-09 16:17 - 00009196 _____ C:\Users\Paul\Desktop\AAE Extensions.odt
    2016-05-07 17:00 - 2016-05-07 17:00 - 00001316 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo! Messenger.lnk
    2016-05-07 16:15 - 2016-05-07 16:15 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Yahoo!
    2016-05-07 16:13 - 2016-05-07 16:13 - 00000000 ____D C:\ProgramData\Yahoo!
    2016-05-07 16:13 - 2016-05-07 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    2016-05-07 16:13 - 2016-05-07 16:13 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2016-05-06 17:17 - 2016-05-06 17:17 - 00228005 _____ C:\Users\Paul\Desktop\CSET Grades.pdf
    2016-05-05 13:10 - 2016-05-05 13:10 - 20415941 _____ C:\Users\Paul\Desktop\Exposing the 'One Arm Bandit' - AMSOIL Information Series.mp4
    2016-05-04 00:02 - 2016-05-04 00:08 - 00010628 _____ C:\Users\Paul\Desktop\Iron Rates per 000 Miles.odt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-03 18:11 - 2016-03-01 20:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-06-03 18:08 - 2016-03-02 08:50 - 00000000 ____D C:\Users\Paul\AppData\Local\ClassicShell
    2016-06-03 05:44 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-03 05:44 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-06-02 06:28 - 2016-03-01 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-01 18:11 - 2016-05-03 22:26 - 00003980 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1462339570
    2016-06-01 18:11 - 2016-05-03 22:25 - 00000000 ____D C:\Program Files (x86)\Opera beta
    2016-06-01 18:10 - 2016-03-01 19:46 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-06-01 18:10 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
    2016-06-01 18:07 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-06-01 18:06 - 2016-03-01 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-06-01 18:05 - 2016-03-01 19:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2016-06-01 18:05 - 2016-03-01 19:41 - 00000000 ____D C:\Users\Paul
    2016-06-01 18:05 - 2016-03-01 19:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-01 18:05 - 2016-03-01 19:32 - 00428536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-01 18:05 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-06-01 06:38 - 2016-03-08 17:38 - 00000000 ____D C:\Users\Paul\Desktop\2A Files
    2016-05-31 20:23 - 2016-03-11 19:16 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-05-31 19:25 - 2016-04-05 15:59 - 00000000 ____D C:\Users\Paul\Desktop\SG & Midterms
    2016-05-27 13:47 - 2016-03-08 16:37 - 00000000 ____D C:\Users\Paul\AppData\Roaming\brave
    2016-05-26 14:10 - 2016-03-14 23:10 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc
    2016-05-25 06:20 - 2016-03-02 08:53 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browsers
    2016-05-24 20:42 - 2016-03-25 18:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\KeePass
    2016-05-24 09:00 - 2016-03-01 19:42 - 00000000 ____D C:\Users\Paul\AppData\Local\VirtualStore
    2016-05-24 07:50 - 2015-10-30 02:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-05-24 07:48 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\System
    2016-05-24 05:55 - 2016-03-01 20:20 - 00000000 ____D C:\Program Files\Firefox Developer Edition
    2016-05-21 05:45 - 2016-04-22 09:33 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Inc
    2016-05-21 05:45 - 2016-03-08 16:37 - 00000000 ____D C:\Users\Paul\AppData\Local\Brave
    2016-05-16 20:53 - 2016-04-15 09:23 - 00000000 ____D C:\Users\Paul\Desktop\Staffing
    2016-05-15 19:49 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-05-14 07:04 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-05-13 03:42 - 2016-03-01 19:42 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-05-13 01:38 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-13 01:38 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-05-13 01:38 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-05-13 01:38 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-05-13 01:38 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-05-13 01:37 - 2015-10-30 00:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-11 12:57 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-05-11 12:57 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-11 08:49 - 2016-03-01 21:57 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-05-11 08:46 - 2016-03-01 21:57 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-05-10 13:23 - 2016-03-03 14:59 - 00000000 ____D C:\Users\Paul\Desktop\103
    2016-05-10 09:10 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF

    ==================== Files in the root of some directories =======

    2016-04-11 22:10 - 2016-04-11 22:10 - 0001793 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
    2016-03-01 19:51 - 2016-03-01 19:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Paul\AppData\Local\Temp\converter.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-30 22:15

    ==================== End of FRST.txt ============================
     


  4. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
    Ran by Paul (2016-06-03 18:30:19)
    Running from C:\Users\Paul\Desktop
    Windows 10 Pro Version 1511 (X64) (2016-03-02 02:38:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3409797038-3744183562-1095253496-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3409797038-3744183562-1095253496-503 - Limited - Disabled)
    Guest (S-1-5-21-3409797038-3744183562-1095253496-501 - Limited - Disabled)
    Paul (S-1-5-21-3409797038-3744183562-1095253496-1001 - Administrator - Enabled) => C:\Users\Paul

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7+ Taskbar Tweaker v5.1 (HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\7 Taskbar Tweaker) (Version: 5.1 - RaMMicHaeL)
    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    AllMyNotes Organizer (HKLM-x32\...\AllMyNotes Organizer) (Version: 2.84 - Vladonai Software)
    Amazon Cloud Drive (HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Amazon Cloud Drive) (Version: 3.3.1.32 - Amazon.com, Inc.)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{901F5061-8E2E-ABB9-83E1-E8F7C5903E21}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
    BatteryMon V2.1 (HKLM-x32\...\BatteryMon_is1) (Version: - PassMark Software)
    Brave (HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\...\Brave) (Version: 0.10.0 - Brave Software)
    CherryTree version 0.36.9 (HKLM-x32\...\{DBA7384C-E1C6-44B5-A3B4-C94F2F0B8C0C}_is1) (Version: 0.36.9 - Giuseppe Penone)
    Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.51 - Conexant)
    CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
    e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
    Firefox Developer Edition 48.0a2 (x64 en-US) (HKLM\...\Firefox Developer Edition 48.0a2 (x64 en-US)) (Version: 48.0a2 - Mozilla)
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
    Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11138 - Realtek Semiconductor Corp.)
    KeePass Password Safe 2.32 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.32 - Dominik Reichl)
    K-Lite Mega Codec Pack 11.9.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.6 - KLCP)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo)
    LibreOfficeDev 5.2.0.0.beta1 (HKLM-x32\...\{C6EC1A94-8EB9-42A2-A600-51E3EBCB935C}) (Version: 5.2.0.0.beta1 - The Document Foundation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6868.2067 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.0.5998 - Mozilla)
    Nightly 49.0a1 (x64 en-US) (HKLM\...\Nightly 49.0a1 (x64 en-US)) (Version: 49.0a1 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1019 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1019 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1019 - Microsoft Corporation) Hidden
    OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    Opera beta 38.0.2220.25 (HKLM-x32\...\Opera 38.0.2220.25) (Version: 38.0.2220.25 - Opera Software)
    PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
    Paragon Partition Manager™ 14 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.316.1 - Tracker Software Products Ltd)
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.5.19.0 - 2BrightSparks)
    TeraCopy 3.0 alpha 5 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.216.1616.137 - ALPS ELECTRIC CO., LTD.)
    TouchpadPal 1.4 (HKLM-x32\...\TouchpadPal) (Version: 1.4 - DeSofto)
    Ultimate Reference Suite (HKLM-x32\...\Ultimate Reference Suite) (Version: 2011.0.0.0 - Encyclopaedia Britannica, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WikidPad 2.2 (HKLM-x32\...\{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1) (Version: - )
    WikidPad help and first steps (HKLM-x32\...\{8C751029-AC6E-43AC-B2CE-F13EB8D84DAD}_is1) (Version: - )
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Zim Desktop Wiki (HKLM-x32\...\Zim Desktop Wiki) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3409797038-3744183562-1095253496-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00333BDF-A22F-4058-A633-E6D5FF1E8F9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-15] (Microsoft Corporation)
    Task: {6A200B4E-222D-4B93-9FE3-72614EE336EC} - System32\Tasks\RtsCM => C:\Windows\RtsCM64.exe [2015-12-11] (Realtek Semiconductor Corp.)
    Task: {9D465358-1A33-4D04-9183-724374D4A54A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-16] (Microsoft Corporation)
    Task: {B3724726-3966-4898-9A45-26CE9F24EF73} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-15] (Microsoft Corporation)
    Task: {C82651E8-0102-49AF-B779-2332F5261E60} - System32\Tasks\Opera scheduled Autoupdate 1462339570 => C:\Program Files (x86)\Opera beta\launcher.exe [2016-05-31] (Opera Software)
    Task: {D4F12F00-9D39-47AE-B978-CE3D7B33CDB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-16] (Microsoft Corporation)
    Task: {E0915A04-AC72-4838-8177-F0C3D5789900} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-05-29 14:23 - 2016-01-22 16:57 - 00089008 _____ () C:\WINDOWS\System32\cpwmon64.dll
    2016-03-04 13:12 - 2012-08-21 17:07 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
    2016-03-04 13:12 - 2012-08-21 17:07 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
    2016-03-01 20:51 - 2016-05-15 11:51 - 00417480 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-04-13 10:48 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 10:48 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-03-15 06:26 - 2016-05-15 11:51 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-03-02 17:27 - 2015-04-21 23:55 - 03755008 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
    2016-03-02 17:27 - 2015-04-22 00:10 - 01736192 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2016-04-19 05:12 - 2016-04-19 05:12 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-03-01 21:54 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 08:40 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-11 08:41 - 2016-04-22 21:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-05-11 08:41 - 2016-04-22 20:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-11 08:41 - 2016-04-22 20:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-05-11 08:41 - 2016-04-22 21:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2010-06-16 14:42 - 2010-06-16 14:42 - 00839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    2016-05-31 05:40 - 2016-05-31 05:40 - 07409664 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\stritz.exe
    2016-03-04 13:12 - 2012-08-21 17:07 - 00373760 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100sd.dll
    2016-03-04 13:12 - 2012-08-21 17:07 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll
    2016-03-04 13:12 - 2012-08-21 17:07 - 03034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll
    2016-04-19 05:12 - 2016-04-19 05:12 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-19 05:12 - 2016-04-19 05:12 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-05-04 06:51 - 2016-05-04 06:52 - 00029840 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\libEGL.dll
    2016-05-04 06:51 - 2016-05-04 06:52 - 01259160 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\libGLESv2.dll
    2016-03-01 19:55 - 2016-03-01 20:00 - 00255488 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\curl.dll
    2016-03-01 19:55 - 2016-03-01 20:00 - 01602560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\LIBEAY32.dll
    2016-03-01 19:55 - 2016-03-01 20:00 - 00479232 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\SSLEAY32.dll
    2016-03-01 19:55 - 2016-03-01 20:00 - 00066560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\zlib.dll
    2016-05-28 12:03 - 2016-05-28 12:03 - 00404072 _____ () C:\Program Files (x86)\LibreOfficeDev 5\program\glew32.dll
    2016-05-28 12:03 - 2016-05-28 12:03 - 01034856 _____ () C:\Program Files (x86)\LibreOfficeDev 5\program\libxml2.dll
    2016-05-28 12:03 - 2016-05-28 12:03 - 00182376 _____ () C:\Program Files (x86)\LibreOfficeDev 5\program\libxslt.dll
    2016-05-28 12:04 - 2016-05-28 12:04 - 00116328 _____ () C:\Program Files (x86)\LibreOfficeDev 5\program\python3.dll
    2016-05-28 10:14 - 2016-05-28 10:14 - 00049152 _____ () C:\Program Files (x86)\LibreOfficeDev 5\program\python-core-3.3.0\lib\_socket.pyd
    2016-03-15 06:24 - 2016-05-15 10:58 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 00:24 - 2015-10-30 00:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3409797038-3744183562-1095253496-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.png
    DNS Servers: 208.67.222.222 - 208.67.220.220
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{93526F6D-7417-4121-B83F-6AFA52D7DACA}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
    FirewallRules: [{A29DC542-D63E-478D-A386-3F9F0C7359C3}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
    FirewallRules: [{591C3ED0-BBF6-40D8-BE51-F0D2774D6A75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{F1FDDDEC-6525-4416-A20C-96B260972739}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{5E520158-4ED3-490E-9ABB-1A856D3599BC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{6694A612-0FCE-4587-A6F8-E364D918A9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{A6411B83-8BB9-4782-A0E9-D0C72D66DF7C}] => (Allow) E:\ProductInst64.exe
    FirewallRules: [{8FD25335-5571-462D-A35D-57EF68E3B2E7}] => (Allow) E:\ProductInst64.exe
    FirewallRules: [{6DEC58A2-0616-414D-B911-1EEF9372F55C}] => (Allow) LPort=9100
    FirewallRules: [{87F6E02F-0215-40F2-9C56-31C7E6B8ED37}] => (Allow) LPort=427
    FirewallRules: [{FE336A9E-5CD1-4FC4-A6E4-DE178FFB01F7}] => (Allow) LPort=161
    FirewallRules: [{8439E295-53F4-4713-8158-B7DE37C32AA7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{F848B36C-F33B-43BF-A4DC-31A86C32889C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{0A32BF4B-159F-4FF9-85EC-6E79CE2FD22F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{507B5207-C36B-4BE0-AF63-309A7B9AE04C}] => (Allow) C:\Program Files\Nightly\firefox.exe
    FirewallRules: [{35092283-2822-4C5D-81DE-542FD225BF47}] => (Allow) C:\Program Files\Nightly\firefox.exe

    ==================== Restore Points =========================

    11-05-2016 08:45:56 Windows Update
    20-05-2016 06:36:48 Scheduled Checkpoint
    24-05-2016 06:56:01 Installed LibreOfficeDev 5.2.0.0.alpha1
    31-05-2016 19:53:33 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/03/2016 04:24:53 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (06/01/2016 06:07:03 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

    Context: Application, SystemIndex Catalog

    Details:
    The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

    Error: (06/01/2016 06:07:03 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
    Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

    Context: Application, SystemIndex Catalog

    Details:
    The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

    Error: (06/01/2016 02:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: soffice.bin, version: 5.2.0.0, time stamp: 0x574964b8
    Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
    Exception code: 0x00000000
    Fault offset: 0x000bdae8
    Faulting process id: 0x32b4
    Faulting application start time: 0xsoffice.bin0
    Faulting application path: soffice.bin1
    Faulting module path: soffice.bin2
    Report Id: soffice.bin3
    Faulting package full name: soffice.bin4
    Faulting package-relative application ID: soffice.bin5

    Error: (06/01/2016 01:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: soffice.bin, version: 5.2.0.0, time stamp: 0x574964b8
    Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
    Exception code: 0x00000000
    Fault offset: 0x000bdae8
    Faulting process id: 0x21d0
    Faulting application start time: 0xsoffice.bin0
    Faulting application path: soffice.bin1
    Faulting module path: soffice.bin2
    Report Id: soffice.bin3
    Faulting package full name: soffice.bin4
    Faulting package-relative application ID: soffice.bin5

    Error: (05/31/2016 07:53:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/29/2016 03:18:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GFO74CP)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/29/2016 02:23:19 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1 ".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.

    Error: (05/27/2016 01:19:08 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (05/24/2016 06:25:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f4
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
    Exception code: 0xc0000409
    Fault offset: 0x00000000000953f7
    Faulting process id: 0xbc0
    Faulting application start time: 0xDllHost.exe0
    Faulting application path: DllHost.exe1
    Faulting module path: DllHost.exe2
    Report Id: DllHost.exe3
    Faulting package full name: DllHost.exe4
    Faulting package-relative application ID: DllHost.exe5


    System errors:
    =============
    Error: (06/02/2016 09:46:41 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 8 0x0 0x0

    Error: (06/02/2016 09:46:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 2 0xdeaddeed 0xeeec

    Error: (06/02/2016 09:46:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 1 0xc 0x4

    Error: (06/01/2016 06:05:57 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:05:19 PM on ‎6/‎1/‎2016 was unexpected.

    Error: (06/01/2016 06:04:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_2ffba service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (06/01/2016 06:04:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (05/31/2016 04:11:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (05/31/2016 09:59:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 8 0x0 0x0

    Error: (05/31/2016 09:59:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 2 0xdeaddeed 0xeeec

    Error: (05/31/2016 09:59:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 1 0xc 0x4


    CodeIntegrity:
    ===================================
    Date: 2016-06-01 18:06:47.533
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-24 07:00:56.737
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-15 04:51:49.128
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-14 06:34:54.613
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-13 01:41:04.863
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-11 17:24:19.710
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-08 05:07:16.737
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-07 16:23:39.941
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-06 06:25:39.389
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-22 15:24:28.210
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
    Percentage of memory in use: 43%
    Total physical RAM: 6989.48 MB
    Available physical RAM: 3935.41 MB
    Total Virtual: 8141.48 MB
    Available Virtual: 5218.83 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:229.63 GB) (Free:177.42 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (New Volume) (Fixed) (Total:245.84 GB) (Free:153.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 476.9 GB) (Disk ID: 56CDE85B)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=229.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=245.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  5. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    I think this is all I need to do, according to the sticky.
     
  6. 2016/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see much there.
    I'd suggest contacting Moo disk cleaner and letting them know about the issue.
     
  7. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    I can do that---they might like to know that Windows Defender has declared their uninstaller (has) a trojan.

    So you are saying that this is a false positive? This is actually a better result than finding that I've been infected, and running a second-rate antimalware app that took over two months to find the malware.
     
  8. 2016/06/03
    broni

    broni Moderator Malware Analyst

    From what I see it's a rather legit program, so I highly doubt it contains some malicious file.
     
  9. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    OK thanks, I'll let them know that it's being seen as a false positive.

    OK---just to be sure, I'd like your opinion---what do you say to having Windows Defender restore it to the original location, and then my having Malwarebytes scan that file?
     
  10. 2016/06/03
    broni

    broni Moderator Malware Analyst

  11. 2016/06/03
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    MWB had no problem with it. I'll forward the info to Moo disk cleaner.

    Broni---thanks a lot. I was already shopping around for pro antimalware programs, thinking that Windows Defender had really let me down. You saved me $30/yr on up. :)
     
  12. 2016/06/03
    broni

    broni Moderator Malware Analyst

    Basically every AV program will create some false positive once in a while, so there is really no reason to spend any money for it if you can have it for free.
    Good luck :)
     