Solved a really slow laptop

Discussion in 'Malware and Virus Removal' started by mtnet, 2016/04/06.

  1. 2016/04/06
    mtnet

    mtnet Member Thread Starter

    [Solved] a really slow laptop

    This laptop is super slow and does not act normal.

    frst.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Beth (administrator) on BETHSPC (06-04-2016 13:59:52)
    Running from C:\Users\Beth\Downloads
    Loaded Profiles: Beth (Available Profiles: Beth)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Apple Inc.) C:\Config.Msi\26dac3.rbf
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Apple Inc.) C:\Config.Msi\26db8f.rbf
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2875464 2016-03-18] ()
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.5.130 206.127.64.131
    Tcpip\..\Interfaces\{072e7a7a-c4c5-421e-bf1b-9cd9d2af526f}: [DhcpNameServer] 192.168.5.130 206.127.64.131
    Tcpip\..\Interfaces\{1df74a27-39fc-4e8c-aa22-e45fede32491}: [DhcpNameServer] 10.5.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-11 20:42:22&v=4.1.4.948&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
    SearchScopes: HKLM -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2014-12-11 20:42:22&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2014-12-11 20:42:22&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-18] (AVG)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-18] (Microsoft Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-18] (AVG)
    Toolbar: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://yahoo.com/ "
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll => No File
    CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
    CHR Extension: (Google Docs Offline) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated)
    R2 vToolbarUpdater40.2.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe [1957448 2016-03-18] (AVG Secure Search)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1216584 2016-03-18] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
    S3 c811bus; C:\Windows\System32\drivers\c811bus.sys [169800 2012-12-07] (MCCI Corporation)
    S3 c811serd; C:\Windows\system32\DRIVERS\c811serd.sys [159048 2012-12-07] (MCCI Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

    ========================== Drivers MD5 =======================

     
  2. 2016/04/06
    broni

    broni Moderator Malware Analyst

    Welcome aboard

    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Please don't create multiple topics.

    While running FRST don't checkmark any extra boxes.
     

  4. 2016/04/07
    mtnet

    mtnet Member Thread Starter

    Joined:
    2016/04/06
    Messages:
    35
    Likes Received:
    0
    I did not mean to create multiple topics; I was having trouble posting, and it kept telling me I was over the limit.

    Here is frst.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Beth (administrator) on BETHSPC (07-04-2016 08:07:32)
    Running from C:\Users\Beth\Downloads
    Loaded Profiles: Beth (Available Profiles: Beth)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Apple Inc.) C:\Config.Msi\26dac3.rbf
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Apple Inc.) C:\Config.Msi\26db8f.rbf
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.62.900.0_x86__kgqvnymyfvs32\stritz.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1603.12020.0_x64__8wekyb3d8bbwe\Time.exe
    () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.8.277.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
    () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.8.268.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
    () C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1603.1.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2875464 2016-03-18] ()
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.5.130 206.127.64.131
    Tcpip\..\Interfaces\{072e7a7a-c4c5-421e-bf1b-9cd9d2af526f}: [DhcpNameServer] 192.168.5.130 206.127.64.131
    Tcpip\..\Interfaces\{1df74a27-39fc-4e8c-aa22-e45fede32491}: [DhcpNameServer] 10.5.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-11 20:42:22&v=4.1.4.948&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
    SearchScopes: HKLM -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2014-12-11 20:42:22&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2014-12-11 20:42:22&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-18] (AVG)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-18] (Microsoft Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-18] (AVG)
    Toolbar: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://yahoo.com/ "
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll => No File
    CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
    CHR Extension: (Google Docs Offline) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated)
    R2 vToolbarUpdater40.2.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe [1957448 2016-03-18] (AVG Secure Search)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1216584 2016-03-18] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
    S3 c811bus; C:\Windows\System32\drivers\c811bus.sys [169800 2012-12-07] (MCCI Corporation)
    S3 c811serd; C:\Windows\system32\DRIVERS\c811serd.sys [159048 2012-12-07] (MCCI Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-06 14:08 - 2016-04-06 14:08 - 00038811 _____ C:\Users\Beth\Downloads\Shortcut.txt
    2016-04-06 14:05 - 2016-04-06 14:08 - 00030091 _____ C:\Users\Beth\Downloads\Addition.txt
    2016-04-06 13:59 - 2016-04-07 08:07 - 00020732 _____ C:\Users\Beth\Downloads\FRST.txt
    2016-04-06 13:57 - 2016-04-07 08:02 - 00000000 ____D C:\FRST
    2016-04-06 13:56 - 2016-04-06 13:57 - 02374144 _____ (Farbar) C:\Users\Beth\Downloads\FRST64.exe
    2016-04-06 13:55 - 2016-04-06 13:55 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-04-06 13:55 - 2016-04-06 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-04-06 13:54 - 2016-04-06 13:55 - 00000000 ____D C:\Program Files\iTunes
    2016-04-06 13:54 - 2016-04-06 13:54 - 00000000 ____D C:\Program Files\iPod
    2016-04-06 13:54 - 2016-04-06 13:54 - 00000000 ____D C:\Program Files (x86)\iTunes
    2016-04-06 13:48 - 2016-04-06 13:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2016-04-06 13:47 - 2016-04-06 13:47 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-04-06 13:32 - 2016-04-06 12:38 - 00000000 ___DC C:\WINDOWS\Panther
    2016-04-06 13:22 - 2016-04-06 13:23 - 00000000 ____D C:\Windows.old
    2016-04-06 13:19 - 2016-04-06 13:19 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-04-06 13:19 - 2016-04-06 13:19 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-04-06 13:19 - 2016-04-06 13:19 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-04-06 13:19 - 2016-04-06 13:19 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-04-06 13:19 - 2016-04-06 13:19 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-04-06 13:19 - 2016-04-06 13:19 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-04-06 13:19 - 2016-04-06 13:19 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00250880 _____ (Microsoft Corporation)

    part1
     
  5. 2016/04/07
    mtnet

    frst part 2

    C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-04-06 13:19 - 2016-04-06 13:19 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-04-06 13:08 - 2016-04-06 13:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-04-06 13:07 - 2016-04-06 13:07 - 00000000 ___HD C:\OneDriveTemp
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files\MSBuild
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\inetpub
    2016-04-06 13:02 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-04-06 13:02 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-04-06 13:02 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-04-06 13:01 - 2016-04-06 13:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-04-06 13:01 - 2016-04-06 13:01 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-04-06 13:01 - 2016-04-06 13:01 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-04-06 13:01 - 2016-04-06 13:01 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-04-06 12:57 - 2016-04-06 12:57 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
    2016-04-06 12:57 - 2016-04-06 12:57 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2016-04-06 12:54 - 2016-04-06 12:54 - 08886976 _____ (Microsoft Corporation) C:\Users\Beth\Downloads\OneDriveSetup.exe
    2016-04-06 12:52 - 2016-04-06 14:23 - 00000000 ____D C:\Users\Beth\AppData\Local\MicrosoftEdge
    2016-04-06 12:50 - 2016-04-06 12:52 - 00002397 _____ C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-04-06 12:48 - 2016-04-06 12:48 - 00000000 ____D C:\ProgramData\ATI
    2016-04-06 12:44 - 2016-04-06 12:44 - 00000000 ____D C:\Users\Beth\AppData\Local\Publishers
    2016-04-06 12:42 - 2016-04-06 16:03 - 00000000 ____D C:\Users\Beth\AppData\Local\Comms
    2016-04-06 12:41 - 2016-04-06 12:41 - 00000000 ____D C:\Users\Beth\AppData\Local\ActiveSync
    2016-04-06 12:39 - 2016-04-06 12:39 - 00000020 ___SH C:\Users\Beth\ntuser.ini
    2016-04-06 12:39 - 2016-04-06 12:39 - 00000000 ____D C:\Users\Beth\AppData\Local\TileDataLayer
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-04-06 12:03 - 2016-04-06 12:03 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2016-04-06 11:47 - 2016-04-06 11:47 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2016-04-06 11:44 - 2016-04-06 12:39 - 00000000 ____D C:\Users\Beth
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\My Documents
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Videos
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Pictures
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Music
    2016-04-06 11:43 - 2016-04-06 13:11 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-04-06 11:43 - 2016-04-06 11:43 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\ProgramData\AMD
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-04-06 11:39 - 2016-04-06 11:48 - 00000000 ____D C:\ProgramData\Package Cache
    2016-04-06 11:39 - 2016-04-06 11:48 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2016-04-06 11:38 - 2016-04-06 12:56 - 00000000 ____D C:\Program Files\AMD
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\Program Files\Realtek
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2016-04-06 11:37 - 2016-04-06 11:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2016-04-06 11:36 - 2016-04-06 11:36 - 00000000 ____D C:\Program Files\Synaptics
    2016-04-05 17:24 - 2016-04-05 17:24 - 00000000 ____D C:\Users\Beth\Documents\Avatar
    2016-04-05 15:59 - 2016-04-05 15:59 - 02001540 _____ C:\Users\Beth\Downloads\pc-decrapifier-3.0.0.exe
    2016-04-05 15:42 - 2016-04-06 12:24 - 00002092 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-04-05 15:42 - 2016-04-06 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-04-05 15:42 - 2016-04-05 15:42 - 06868672 _____ (Piriform Ltd) C:\Users\Beth\Downloads\ccsetup516.exe
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000000 ____D C:\Program Files\CCleaner
    2016-04-05 15:29 - 2016-04-05 15:29 - 00359194 _____ C:\Users\Beth\AppData\Local\census.cache
    2016-04-05 15:28 - 2016-04-05 15:28 - 00109915 _____ C:\Users\Beth\AppData\Local\ars.cache
    2016-04-05 14:31 - 2016-04-05 14:31 - 02406064 _____ (Trend Micro Inc.) C:\Users\Beth\Downloads\HousecallLauncher64.exe
    2016-04-05 14:31 - 2016-04-05 14:31 - 00000036 _____ C:\Users\Beth\AppData\Local\housecall.guid.cache
    2016-04-05 13:04 - 2016-04-06 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-05 13:04 - 2016-04-05 13:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-04-05 13:04 - 2016-04-05 13:04 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-05 13:04 - 2016-04-05 13:04 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-04-05 13:04 - 2016-04-05 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-05 13:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-04-05 13:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-04-05 13:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-04-05 12:55 - 2016-04-05 13:02 - 22851472 _____ (Malwarebytes ) C:\Users\Beth\Downloads\mbam-setup-2.2.1.1043.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-07 07:42 - 2013-07-25 17:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-07 07:19 - 2014-10-02 18:43 - 00000000 ____D C:\ProgramData\MFAData
    2016-04-07 03:58 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
    2016-04-07 03:54 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-04-07 02:39 - 2014-12-13 18:50 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7D19124-2ED1-41AD-AE26-6233D0921A67}
    2016-04-06 17:42 - 2013-07-25 17:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-06 14:18 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-04-06 14:18 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-04-06 13:54 - 2013-08-10 15:25 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-04-06 13:47 - 2013-08-10 15:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-04-06 13:32 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-04-06 13:28 - 2013-07-25 16:38 - 00000000 ____D C:\Users\Beth\AppData\Local\Packages
    2016-04-06 13:22 - 2016-02-13 07:03 - 00000000 ____D C:\Program Files\Windows Journal
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-04-06 13:22 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-04-06 13:22 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-04-06 13:07 - 2014-12-13 18:54 - 00000000 __RDO C:\Users\Beth\OneDrive
    2016-04-06 13:03 - 2016-02-13 07:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-04-06 13:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2016-04-06 13:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-04-06 13:03 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
    2016-04-06 13:03 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2016-04-06 13:03 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2016-04-06 13:02 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-04-06 12:53 - 2014-12-13 17:59 - 00000000 ____D C:\AMD
    2016-04-06 12:40 - 2016-02-13 07:20 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-04-06 12:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-04-06 12:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-04-06 12:28 - 2014-12-13 18:17 - 00030483 _____ C:\WINDOWS\diagwrn.xml
    2016-04-06 12:28 - 2014-12-13 18:17 - 00030483 _____ C:\WINDOWS\diagerr.xml
    2016-04-06 12:25 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-04-06 12:24 - 2016-01-26 19:45 - 00002236 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116tb_DELETE
    2016-04-06 12:24 - 2014-12-13 18:45 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-04-06 12:24 - 2013-07-25 17:15 - 00002808 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128070282-2949247487-322690973-1002
    2016-04-06 12:24 - 2013-07-25 17:07 - 00003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-04-06 12:24 - 2013-07-25 17:07 - 00003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-04-06 12:24 - 2013-04-04 04:42 - 00002316 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128070282-2949247487-322690973-500
    2016-04-06 12:24 - 2013-04-04 03:10 - 00002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
    2016-04-06 12:24 - 2013-04-04 02:49 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2016-04-06 12:15 - 2015-06-30 17:53 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-04-06 12:14 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-04-06 12:14 - 2015-10-30 01:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-04-06 12:14 - 2014-10-02 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-04-06 12:12 - 2013-07-25 17:09 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-06 12:07 - 2016-02-13 07:11 - 00349312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-04-06 12:05 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-06 12:05 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-04-06 12:05 - 2015-02-14 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-04-06 12:05 - 2013-12-15 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-04-06 12:05 - 2013-09-05 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-04-06 12:05 - 2013-04-04 03:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2016-04-06 12:05 - 2013-04-04 02:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2016-04-06 12:05 - 2012-10-19 20:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-04-06 12:05 - 2012-10-19 20:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
    2016-04-06 12:05 - 2012-10-19 20:33 - 00000000 ____D C:\WINDOWS\en
    2016-04-06 12:03 - 2013-08-22 07:36 - 00000000 ____D C:\Users\Default.migrated
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2016-04-06 11:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-04-06 11:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-04-06 11:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-04-06 11:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-04-06 11:50 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-04-06 11:50 - 2014-11-10 17:19 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
    2016-04-06 11:50 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-04-06 11:49 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-04-06 11:48 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-04-06 11:48 - 2014-09-24 03:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
    2016-04-06 11:48 - 2013-07-25 16:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2016-04-06 11:48 - 2012-10-19 20:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2016-04-06 11:48 - 2012-10-19 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2016-04-06 11:48 - 2012-10-19 20:21 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2016-04-06 11:48 - 2012-08-03 16:29 - 00000000 ____D C:\ProgramData\PRICache
    2016-04-06 11:46 - 2014-12-28 17:28 - 00000000 ____D C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EndUserUpgradeTool
    2016-04-06 11:42 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-04-06 10:30 - 2016-02-13 08:21 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-04-05 17:25 - 2014-10-02 18:36 - 00000000 ____D C:\Users\Beth\Documents\Youcam
    2016-04-05 16:04 - 2013-08-14 22:32 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-04-05 15:56 - 2013-08-06 21:26 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-04-05 15:46 - 2013-07-25 17:09 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-05 14:26 - 2014-10-02 18:43 - 00000000 ____D C:\Users\Beth\AppData\Local\Avg2015
    2016-04-05 11:05 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2016-03-18 11:51 - 2014-12-11 21:41 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
    2016-03-18 11:50 - 2015-03-04 20:50 - 00000000 ____D C:\Program Files\AVG Web TuneUp
    2016-03-18 11:50 - 2014-12-11 21:41 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
    2016-03-18 10:44 - 2013-12-15 13:10 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2016-04-05 15:28 - 2016-04-05 15:28 - 0109915 _____ () C:\Users\Beth\AppData\Local\ars.cache
    2016-04-05 15:29 - 2016-04-05 15:29 - 0359194 _____ () C:\Users\Beth\AppData\Local\census.cache
    2016-04-05 14:31 - 2016-04-05 14:31 - 0000036 _____ () C:\Users\Beth\AppData\Local\housecall.guid.cache
    2013-07-25 16:40 - 2013-07-25 16:40 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some files in TEMP:
    ====================
    C:\Users\Beth\AppData\Local\Temp\tmp64D2.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-06 11:34

    ==================== End of FRST.txt ============================
     
  6. 2016/04/07
    mtnet

    addition part 1

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Beth (2016-04-06 14:05:18)
    Running from C:\Users\Beth\Downloads
    Windows 10 Home Version 1511 (X64) (2016-04-06 18:38:22)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-128070282-2949247487-322690973-500 - Administrator - Disabled)
    Beth (S-1-5-21-128070282-2949247487-322690973-1002 - Administrator - Enabled) => C:\Users\Beth
    DefaultAccount (S-1-5-21-128070282-2949247487-322690973-503 - Limited - Disabled)
    Guest (S-1-5-21-128070282-2949247487-322690973-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-128070282-2949247487-322690973-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)
    AVG 2015 (Version: 15.0.4545 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.8.608 - AVG Technologies)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP Documentation (HKLM-x32\...\{711EA7BB-5FF5-487F-8379-46BB5696FE40}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VZ-TL-PC (HKLM-x32\...\{9A25A804-4303-4787-B2DE-99AD745B1CBB}) (Version: 1.1.6 - NEC CASIO Mobile Communications, Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-128070282-2949247487-322690973-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02EE324A-60EF-40C6-AB37-38C185CF9015} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
    Task: {062B4743-26F9-4AA1-B3A4-AA0513A777D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-18] (Microsoft Corporation)
    Task: {0CAEEDEC-3F72-45B8-A8F1-F0B689821F1F} - System32\Tasks\AVG_SYS_TASK_0116tb_DELETE => C:\ProgramData\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe [2016-01-26] ()
    Task: {0E6AB2C6-B461-41E7-9B73-2B47B9671611} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-01-07] (Synaptics Incorporated)
    Task: {0F372550-861D-43A9-BEC7-121494386F73} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {122909A1-99E1-4984-8054-4C516F597ED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {2DCF92D9-925A-492D-AC3D-CD88E2CFCA3D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3E1F5A42-BFD1-4606-8977-C257730EDC1A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
    Task: {52F52C53-501D-4612-957D-DF26CAB30FC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {6CBE3370-CB61-4A58-9209-5ECAAD29E94A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {6F069FB1-BE8F-442F-AD7C-0574138A5EAC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {6F4BCB05-1323-4300-9400-A2EF0BCC22CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {8E997508-5246-4C2B-B655-5530858CD8B2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9FC171D9-AF1F-4B55-A46E-AC9E39C60227} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {A375B280-728F-4C55-BCD7-8F0998CE9F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {C10E754A-EAE3-44C7-9BBC-45E7F009DBAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {C158A210-27D2-4ECA-9E23-FC4F5A7F8626} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CF4C1BA7-89D7-4B86-9402-88E2C825DBB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DF307D46-2137-4F76-AFAF-C9AB8EBD2815} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E47EE88C-02EA-43A7-9BBD-B3BFDBE4F9C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {E51E7408-FCB1-4790-8201-DBD549CAF3F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E99D8317-5B85-4094-96DB-B6261778E7ED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {F31C59BA-058C-459F-A041-664235BD8D08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F5D15715-5267-4512-8FE4-51DE879EF34C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {FB70780F-67AE-48FE-8E15-8960C08627DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FCFC7056-38C9-4891-9E73-EFFAD80C8EA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_DELETE.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-03-04 20:49 - 2016-03-18 11:50 - 01216584 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-25 12:24 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-03-18 11:50 - 2016-03-18 11:50 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-28 21:29 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-02-13 06:54 - 2016-02-13 06:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-02-13 06:54 - 2016-02-13 06:54 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-02-13 06:54 - 2016-02-13 06:54 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-02-13 06:54 - 2016-02-13 06:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-02-13 06:54 - 2016-02-13 06:54 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2014-12-11 21:41 - 2016-03-18 11:50 - 02875464 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-04-06 13:47 - 2016-04-06 13:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-03-18 22:55 - 2016-03-18 22:55 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2016-03-18 11:50 - 2016-03-18 11:50 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\log4cplusU.dll
    2016-03-18 10:40 - 2016-03-18 10:40 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2016-04-06 13:47 - 2016-04-06 13:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-06 13:47 - 2016-04-06 13:48 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-05 15:46 - 2016-03-27 01:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
    2016-04-05 15:46 - 2016-03-27 01:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
    2016-04-05 22:07 - 2016-04-05 12:27 - 17532096 _____ () C:\Users\Beth\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.213\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
  7. 2016/04/07
    mtnet

    addition part 2

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beth\Documents\Youcam\Snapshot_20160405_1.JPG
    DNS Servers: 192.168.5.130 - 206.127.64.131
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "APSDaemon "
    HKLM\...\StartupApproved\Run32: => "AVG_UI "
    HKLM\...\StartupApproved\Run32: => "vProt "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{8DD6FF22-7175-4280-991C-FD9A33496B05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B98F739D-11A8-465A-99D1-73BF020495E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{C2E021DB-8205-459F-9736-87F5BCD4870D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{4BC6176B-CEB0-4052-B491-35D628C98FCA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{331E8D1A-45D2-4F08-85B7-22216C14225F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{B1139CBB-9C11-4C6F-A77E-BD9FF741299D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{694189EB-7288-4870-899E-DE7E7156FBF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{37D0D5CF-704E-4D1D-9703-924A4B9760D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7DE9B8C1-4D82-4EB5-85E7-F0F41202E436}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7DB68511-DD4C-4633-9C43-3273109A5632}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4E7A5851-3D0E-4EB3-B55C-FE8383063AED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{63F1E2F1-B597-4815-866C-1AD074CBA59B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{FDD7D54A-758A-479D-AAEC-3ACBEC4D9405}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{700F49E4-DFCA-4578-A171-33287B230557}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{CFB81582-BEFD-43B3-AF8A-6106CF8E47B8}] => (Allow) LPort=2869
    FirewallRules: [{0EB35F5A-3462-4420-8D1B-939E8E630BCF}] => (Allow) LPort=1900
    FirewallRules: [{274CDE73-75C0-4514-8167-FDA5AE96C20A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{6AC1C35D-3346-4ED0-BBB0-3F30F20C6299}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{6F2ACC86-5978-46D3-8555-02DC0B10E748}] => (Allow) LPort=53000
    FirewallRules: [{9A4EA75A-CCAF-4247-A231-DED3DFFE52CB}] => (Allow) LPort=52000
    FirewallRules: [{785AE4E5-DF6B-4E62-948C-D8DE6B0397C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/06/2016 01:51:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.0.0.355, time stamp: 0x561ce698
    Faulting module name: SkypeBackgroundTasks.dll, version: 0.0.0.0, time stamp: 0x561ce64b
    Exception code: 0xc0000005
    Fault offset: 0x0000ca79
    Faulting process id: 0x51c
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (04/06/2016 01:41:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/06/2016 01:35:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/06/2016 01:33:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/06/2016 01:26:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/06/2016 01:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/06/2016 01:16:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/06/2016 12:58:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x501b7575
    Faulting module name: d2d1.dll, version: 10.0.10586.71, time stamp: 0x5699d1ef
    Exception code: 0xc0000005
    Fault offset: 0x002deb59
    Faulting process id: 0x1408
    Faulting application start time: 0xHPPU.exe0
    Faulting application path: HPPU.exe1
    Faulting module path: HPPU.exe2
    Report Id: HPPU.exe3
    Faulting package full name: HPPU.exe4
    Faulting package-relative application ID: HPPU.exe5

    Error: (04/06/2016 12:24:43 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
    Description: 0x8007085A

    Error: (04/06/2016 12:11:57 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
    Description: 0x8007085A


    System errors:
    =============
    Error: (04/06/2016 01:02:18 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

    Error: (04/06/2016 01:01:38 PM) (Source: DCOM) (EventID: 10010) (User: BETHSPC)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (04/06/2016 01:01:35 PM) (Source: DCOM) (EventID: 10010) (User: BETHSPC)
    Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

    Error: (04/06/2016 01:01:32 PM) (Source: DCOM) (EventID: 10010) (User: BETHSPC)
    Description: {0002DF02-0000-0000-C000-000000000046}

    Error: (04/06/2016 01:01:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_2d3c08 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/06/2016 01:01:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_2d3c08 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/06/2016 01:01:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_2d3c08 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/06/2016 01:01:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_2d3c08 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/06/2016 01:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/06/2016 12:53:44 PM) (Source: DCOM) (EventID: 10010) (User: BETHSPC)
    Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}


    CodeIntegrity:
    ===================================
    Date: 2016-04-06 12:15:42.574
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-06 12:12:07.248
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-06 11:36:27.570
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD E1-1500 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 55%
    Total physical RAM: 3682.26 MB
    Available physical RAM: 1623.32 MB
    Total Virtual: 4322.26 MB
    Available Virtual: 2127.31 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:274.4 GB) (Free:218.82 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.72 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 1E1F4777)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  8. 2016/04/07
    broni

    broni Moderator Malware Analyst

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. 2016/04/11
    mtnet

    doing the RogueKiller scan now, hope to submit it before it is time to go home.
     
  10. 2016/04/11
    mtnet

    rogue killer log

    RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Beth [Administrator]
    Started from : C:\Users\Beth\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 04/11/2016 17:17:09

    ¤¤¤ Processes : 1 ¤¤¤
    [Proc.RunPE] SoftwareUpdate.exe(4116) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe[7] -> Killed [TermThr]

    ¤¤¤ Registry : 4 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll) -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll) -> Deleted
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-11 20:42:22&v=4.1.4.948&pid=wtu&sg=&sap=hp -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={2088A121-15F2-4028-8086-818E7344BD95}&mid=88217ffc7cad47d29d2afd10a345e20f-3b32ff2b31a81bd1f60bfc3056f5e99a46883812&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-11 20:42:22&v=4.1.4.948&pid=wtu&sg=&sap=hp -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BPVT-60JJ5 SATA Disk Device +++++
    --- User ---
    [MBR] fd9c45f893067b4140b808bdc8664c76
    [BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1615872 | Size: 280984 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 577073152 | Size: 834 MB
    5 - [SYSTEM] Basic data partition | Offset (sectors): 578781184 | Size: 22637 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  11. 2016/04/12
    mtnet

    mbam

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/11/2016
    Scan Time: 5:25 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.04.11.07
    Rootkit Database: v2016.04.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Beth

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 356300
    Time Elapsed: 32 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. 2016/04/12
    mtnet

    original mbam scan

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/5/2016
    Scan Time: 1:09 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.04.05.05
    Rootkit Database: v2016.04.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Beth

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 348637
    Time Elapsed: 44 min, 59 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Solimba, C:\Users\Beth\Downloads\Setup.exe, Quarantined, [04352c7fdabf4aec368079fa16ebd927],
    PUP.Optional.Solimba, C:\Users\Beth\Downloads\PluginInstall.exe, Quarantined, [3dfc2e7dddbcd561a016b9baf0116d93],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  13. 2016/04/12
    mtnet

    adwcleaner

    # AdwCleaner v5.110 - Logfile created 12/04/2016 at 09:10:45
    # Updated 10/04/2016 by Xplode
    # Database : 2016-04-11.4 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : Beth - BETHSPC
    # Running from : C:\Users\Beth\Downloads\adwcleaner_5.110.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : WtuSystemSupport
    [-] Service Deleted : vToolbarUpdater40.2.8

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\avg web tuneup
    [-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
    [-] Folder Deleted : C:\ProgramData\avg web tuneup
    [-] Folder Deleted : C:\ProgramData\Avg_Update_0116av
    [-] Folder Deleted : C:\ProgramData\Avg_Update_0116tb
    [-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
    [-] Folder Deleted : C:\ProgramData\Avg_Update_0914av
    [-] Folder Deleted : C:\ProgramData\Avg_Update_1015av
    [-] Folder Deleted : C:\ProgramData\Avg_Update_1215av
    [#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
    [#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar
    [#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0116av
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0116tb
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0215tb
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0914av
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_1015av
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_1215av
    [-] Folder Deleted : C:\Users\Beth\AppData\Local\avg web tuneup
    [-] Folder Deleted : C:\Users\Beth\AppData\LocalLow\avg web tuneup

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Data Restored : HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [6271 bytes] - [12/04/2016 09:10:45]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6163 bytes] - [12/04/2016 09:04:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6417 bytes] ##########
     
  14. 2016/04/12

    mtnet Member Thread Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.4 (03.14.2016)
    Operating System: Windows 10 Home x64
    Ran by Beth (Administrator) on Tue 04/12/2016 at 9:22:17.63
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 1

    Successfully deleted: C:\Users\Beth\AppData\Roaming\alawarentertainment (Folder)



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{398BD15B-68FD-456E-A1E5-DD9149D2BC10} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{398BD15B-68FD-456E-A1E5-DD9149D2BC10} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 04/12/2016 at 9:28:05.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  15. 2016/04/12

    broni Moderator Malware Analyst

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  16. 2016/04/12

    mtnet Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Beth (administrator) on BETHSPC (12-04-2016 15:20:31)
    Running from C:\Users\Beth\Downloads
    Loaded Profiles: Beth (Available Profiles: Beth)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.8.4092.0_x64__8wekyb3d8bbwe\Solitaire.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-04-06] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll "
    Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll "
    Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll "
    Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll "
    Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll "
    Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll "
    Tcpip\Parameters: [DhcpNameServer] 192.168.5.130 206.127.64.131
    Tcpip\..\Interfaces\{072e7a7a-c4c5-421e-bf1b-9cd9d2af526f}: [DhcpNameServer] 192.168.5.130 206.127.64.131
    Tcpip\..\Interfaces\{1df74a27-39fc-4e8c-aa22-e45fede32491}: [DhcpNameServer] 192.168.5.130 206.127.64.131

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
    SearchScopes: HKLM -> {398BD15B-68FD-456E-A1E5-DD9149D2BC10} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-18] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-128070282-2949247487-322690973-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://yahoo.com/ "
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll => No File
    CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
    CHR Extension: (Google Docs Offline) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
    S3 c811bus; C:\Windows\System32\drivers\c811bus.sys [169800 2012-12-07] (MCCI Corporation)
    S3 c811serd; C:\Windows\system32\DRIVERS\c811serd.sys [159048 2012-12-07] (MCCI Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-11] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-12 09:28 - 2016-04-12 09:28 - 00000901 _____ C:\Users\Beth\Desktop\JRT.txt
    2016-04-12 09:24 - 2016-04-12 09:24 - 00000000 ____D C:\Users\Beth\AppData\Local\CrashDumps
    2016-04-12 09:04 - 2016-04-12 09:10 - 00000000 ____D C:\AdwCleaner
    2016-04-12 09:03 - 2016-04-12 09:04 - 03465280 _____ C:\Users\Beth\Downloads\adwcleaner_5.110.exe
    2016-04-12 09:02 - 2016-04-12 09:21 - 01610352 _____ (Malwarebytes) C:\Users\Beth\Downloads\JRT.exe
    2016-04-11 18:19 - 2016-04-11 18:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-04-11 17:23 - 2016-04-11 17:23 - 00002833 _____ C:\Users\Beth\Desktop\roguekiller.txt
    2016-04-11 16:18 - 2016-04-11 16:18 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-04-11 16:17 - 2016-04-12 09:04 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-04-11 16:15 - 2016-04-11 16:17 - 19765832 _____ C:\Users\Beth\Downloads\RogueKiller.exe
    2016-04-06 14:08 - 2016-04-06 14:08 - 00038811 _____ C:\Users\Beth\Downloads\Shortcut.txt
    2016-04-06 14:05 - 2016-04-06 14:08 - 00030091 _____ C:\Users\Beth\Downloads\Addition.txt
    2016-04-06 13:59 - 2016-04-12 15:20 - 00016737 _____ C:\Users\Beth\Downloads\FRST.txt
    2016-04-06 13:57 - 2016-04-12 15:20 - 00000000 ____D C:\FRST
    2016-04-06 13:56 - 2016-04-06 13:57 - 02374144 _____ (Farbar) C:\Users\Beth\Downloads\FRST64.exe
    2016-04-06 13:55 - 2016-04-06 13:55 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-04-06 13:55 - 2016-04-06 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-04-06 13:54 - 2016-04-06 13:55 - 00000000 ____D C:\Program Files\iTunes
    2016-04-06 13:54 - 2016-04-06 13:54 - 00000000 ____D C:\Program Files\iPod
    2016-04-06 13:54 - 2016-04-06 13:54 - 00000000 ____D C:\Program Files (x86)\iTunes
    2016-04-06 13:48 - 2016-04-06 13:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2016-04-06 13:47 - 2016-04-06 13:47 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-04-06 13:32 - 2016-04-06 12:38 - 00000000 ___DC C:\WINDOWS\Panther
    2016-04-06 13:22 - 2016-04-06 13:23 - 00000000 ____D C:\Windows.old
    2016-04-06 13:19 - 2016-04-06 13:19 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-04-06 13:19 - 2016-04-06 13:19 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-04-06 13:19 - 2016-04-06 13:19 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-04-06 13:19 - 2016-04-06 13:19 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    ============================
     
  17. 2016/04/12
    mtnet Member Thread Starter

    2016-04-06 13:19 - 2016-04-06 13:19 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-04-06 13:19 - 2016-04-06 13:19 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-04-06 13:19 - 2016-04-06 13:19 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-04-06 13:19 - 2016-04-06 13:19 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-04-06 13:19 - 2016-04-06 13:19 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-04-06 13:08 - 2016-04-06 13:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-04-06 13:07 - 2016-04-06 13:07 - 00000000 ___HD C:\OneDriveTemp
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files\MSBuild
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\inetpub
    2016-04-06 13:02 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-04-06 13:02 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-04-06 13:02 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-04-06 13:01 - 2016-04-06 13:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-04-06 13:01 - 2016-04-06 13:01 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-04-06 13:01 - 2016-04-06 13:01 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-04-06 13:01 - 2016-04-06 13:01 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-04-06 12:57 - 2016-04-06 12:57 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
    2016-04-06 12:54 - 2016-04-06 12:54 - 08886976 _____ (Microsoft Corporation) C:\Users\Beth\Downloads\OneDriveSetup.exe
    2016-04-06 12:52 - 2016-04-06 14:23 - 00000000 ____D C:\Users\Beth\AppData\Local\MicrosoftEdge
    2016-04-06 12:50 - 2016-04-06 12:52 - 00002397 _____ C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-04-06 12:48 - 2016-04-06 12:48 - 00000000 ____D C:\ProgramData\ATI
    2016-04-06 12:44 - 2016-04-06 12:44 - 00000000 ____D C:\Users\Beth\AppData\Local\Publishers
    2016-04-06 12:42 - 2016-04-06 16:03 - 00000000 ____D C:\Users\Beth\AppData\Local\Comms
    2016-04-06 12:41 - 2016-04-06 12:41 - 00000000 ____D C:\Users\Beth\AppData\Local\ActiveSync
    2016-04-06 12:39 - 2016-04-06 12:39 - 00000020 ___SH C:\Users\Beth\ntuser.ini
    2016-04-06 12:39 - 2016-04-06 12:39 - 00000000 ____D C:\Users\Beth\AppData\Local\TileDataLayer
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-04-06 12:03 - 2016-04-06 12:03 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2016-04-06 11:47 - 2016-04-06 11:47 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2016-04-06 11:44 - 2016-04-06 12:39 - 00000000 ____D C:\Users\Beth
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\My Documents
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Videos
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Pictures
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Music
    2016-04-06 11:43 - 2016-04-12 09:23 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-04-06 11:43 - 2016-04-06 11:43 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\ProgramData\AMD
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-04-06 11:39 - 2016-04-07 11:52 - 00000000 ____D C:\ProgramData\Package Cache
    2016-04-06 11:39 - 2016-04-06 11:48 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2016-04-06 11:38 - 2016-04-06 12:56 - 00000000 ____D C:\Program Files\AMD
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\Program Files\Realtek
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2016-04-06 11:37 - 2016-04-06 11:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2016-04-06 11:36 - 2016-04-06 11:36 - 00000000 ____D C:\Program Files\Synaptics
    2016-04-05 17:24 - 2016-04-05 17:24 - 00000000 ____D C:\Users\Beth\Documents\Avatar
    2016-04-05 15:59 - 2016-04-05 15:59 - 02001540 _____ C:\Users\Beth\Downloads\pc-decrapifier-3.0.0.exe
    2016-04-05 15:42 - 2016-04-06 12:24 - 00002092 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-04-05 15:42 - 2016-04-06 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-04-05 15:42 - 2016-04-05 15:42 - 06868672 _____ (Piriform Ltd) C:\Users\Beth\Downloads\ccsetup516.exe
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000000 ____D C:\Program Files\CCleaner
    2016-04-05 15:29 - 2016-04-05 15:29 - 00359194 _____ C:\Users\Beth\AppData\Local\census.cache
    2016-04-05 15:28 - 2016-04-05 15:28 - 00109915 _____ C:\Users\Beth\AppData\Local\ars.cache
    2016-04-05 14:31 - 2016-04-05 14:31 - 02406064 _____ (Trend Micro Inc.) C:\Users\Beth\Downloads\HousecallLauncher64.exe
    2016-04-05 14:31 - 2016-04-05 14:31 - 00000036 _____ C:\Users\Beth\AppData\Local\housecall.guid.cache
    2016-04-05 13:04 - 2016-04-11 17:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-04-05 13:04 - 2016-04-06 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-05 13:04 - 2016-04-05 13:04 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-05 13:04 - 2016-04-05 13:04 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-04-05 13:04 - 2016-04-05 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-05 13:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-04-05 13:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-04-05 13:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-04-05 12:55 - 2016-04-05 13:02 - 22851472 _____ (Malwarebytes ) C:\Users\Beth\Downloads\mbam-setup-2.2.1.1043.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-12 14:42 - 2013-07-25 17:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-12 12:36 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-04-12 12:36 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-04-12 12:35 - 2013-07-25 16:38 - 00000000 ____D C:\Users\Beth\AppData\Local\Packages
    2016-04-12 11:03 - 2014-12-13 18:50 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7D19124-2ED1-41AD-AE26-6233D0921A67}
    2016-04-12 09:23 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
    2016-04-12 09:23 - 2014-12-13 18:54 - 00000000 __RDO C:\Users\Beth\OneDrive
    2016-04-12 09:22 - 2014-10-02 18:43 - 00000000 ____D C:\ProgramData\MFAData
    2016-04-12 09:19 - 2013-07-25 17:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-12 09:16 - 2016-02-13 07:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-04-12 09:15 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-04-11 18:00 - 2013-07-25 17:09 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-11 18:00 - 2013-07-25 17:09 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-11 16:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-04-07 11:53 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-04-07 03:54 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-04-06 13:54 - 2013-08-10 15:25 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-04-06 13:47 - 2013-08-10 15:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-04-06 13:32 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-04-06 13:22 - 2016-02-13 07:03 - 00000000 ____D C:\Program Files\Windows Journal
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-04-06 13:22 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-04-06 13:22 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-04-06 13:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2016-04-06 13:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-04-06 13:03 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
    2016-04-06 13:03 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2016-04-06 13:03 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2016-04-06 12:53 - 2014-12-13 17:59 - 00000000 ____D C:\AMD
    2016-04-06 12:40 - 2016-02-13 07:20 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-04-06 12:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-04-06 12:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-04-06 12:28 - 2014-12-13 18:17 - 00030483 _____ C:\WINDOWS\diagwrn.xml
    2016-04-06 12:28 - 2014-12-13 18:17 - 00030483 _____ C:\WINDOWS\diagerr.xml
    2016-04-06 12:25 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-04-06 12:24 - 2016-01-26 19:45 - 00002236 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116tb_DELETE
    2016-04-06 12:24 - 2014-12-13 18:45 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-04-06 12:24 - 2013-07-25 17:15 - 00002808 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128070282-2949247487-322690973-1002
    2016-04-06 12:24 - 2013-07-25 17:07 - 00003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-04-06 12:24 - 2013-07-25 17:07 - 00003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-04-06 12:24 - 2013-04-04 04:42 - 00002316 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128070282-2949247487-322690973-500
    2016-04-06 12:24 - 2013-04-04 03:10 - 00002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
    2016-04-06 12:24 - 2013-04-04 02:49 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2016-04-06 12:15 - 2015-06-30 17:53 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-04-06 12:14 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-04-06 12:14 - 2015-10-30 01:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-04-06 12:14 - 2014-10-02 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-04-06 12:07 - 2016-02-13 07:11 - 00349312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-04-06 12:05 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-06 12:05 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-04-06 12:05 - 2015-02-14 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-04-06 12:05 - 2013-12-15 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-04-06 12:05 - 2013-09-05 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-04-06 12:05 - 2013-04-04 03:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2016-04-06 12:05 - 2013-04-04 02:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2016-04-06 12:05 - 2012-10-19 20:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-04-06 12:05 - 2012-10-19 20:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
    2016-04-06 12:05 - 2012-10-19 20:33 - 00000000 ____D C:\WINDOWS\en
    2016-04-06 12:03 - 2013-08-22 07:36 - 00000000 ____D C:\Users\Default.migrated
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2016-04-06 11:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-04-06 11:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-04-06 11:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-04-06 11:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-04-06 11:50 - 2014-11-10 17:19 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
    2016-04-06 11:50 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-04-06 11:49 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-04-06 11:48 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-04-06 11:48 - 2014-09-24 03:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
    2016-04-06 11:48 - 2013-07-25 16:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2016-04-06 11:48 - 2012-10-19 20:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2016-04-06 11:48 - 2012-10-19 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2016-04-06 11:48 - 2012-10-19 20:21 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2016-04-06 11:48 - 2012-08-03 16:29 - 00000000 ____D C:\ProgramData\PRICache
    2016-04-06 11:46 - 2014-12-28 17:28 - 00000000 ____D C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EndUserUpgradeTool
    2016-04-06 11:42 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-04-06 10:30 - 2016-02-13 08:21 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-04-05 17:25 - 2014-10-02 18:36 - 00000000 ____D C:\Users\Beth\Documents\Youcam
    2016-04-05 16:04 - 2013-08-14 22:32 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-04-05 15:56 - 2013-08-06 21:26 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-04-05 14:26 - 2014-10-02 18:43 - 00000000 ____D C:\Users\Beth\AppData\Local\Avg2015
    2016-04-05 11:05 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2016-03-18 10:44 - 2013-12-15 13:10 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2016-04-05 15:28 - 2016-04-05 15:28 - 0109915 _____ () C:\Users\Beth\AppData\Local\ars.cache
    2016-04-05 15:29 - 2016-04-05 15:29 - 0359194 _____ () C:\Users\Beth\AppData\Local\census.cache
    2016-04-05 14:31 - 2016-04-05 14:31 - 0000036 _____ () C:\Users\Beth\AppData\Local\housecall.guid.cache
    2013-07-25 16:40 - 2013-07-25 16:40 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some files in TEMP:
    ====================
    C:\Users\Beth\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Beth\AppData\Local\Temp\libeay32.dll
    C:\Users\Beth\AppData\Local\Temp\msvcr120.dll
    C:\Users\Beth\AppData\Local\Temp\sqlite3.dll
    C:\Users\Beth\AppData\Local\Temp\tmp64D2.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-06 11:34

    ==================== End of FRST.txt
     
  18. 2016/04/12
    broni Moderator Malware Analyst

    I still need Addition.txt log.
     
  19. 2016/04/13
    mtnet Member Thread Starter

    2016-04-06 13:19 - 2016-04-06 13:19 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-04-06 13:19 - 2016-04-06 13:19 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-04-06 13:19 - 2016-04-06 13:19 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-04-06 13:19 - 2016-04-06 13:19 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-04-06 13:19 - 2016-04-06 13:19 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-04-06 13:19 - 2016-04-06 13:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-04-06 13:19 - 2016-04-06 13:19 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-04-06 13:19 - 2016-04-06 13:19 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-04-06 13:08 - 2016-04-06 13:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-04-06 13:07 - 2016-04-06 13:07 - 00000000 ___HD C:\OneDriveTemp
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files\MSBuild
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-04-06 13:03 - 2016-04-06 13:03 - 00000000 ____D C:\inetpub
    2016-04-06 13:02 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-04-06 13:02 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-04-06 13:02 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-04-06 13:02 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-04-06 13:01 - 2016-04-06 13:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-04-06 13:01 - 2016-04-06 13:01 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-04-06 13:01 - 2016-04-06 13:01 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-04-06 13:01 - 2016-04-06 13:01 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-04-06 12:57 - 2016-04-06 12:57 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
    2016-04-06 12:54 - 2016-04-06 12:54 - 08886976 _____ (Microsoft Corporation) C:\Users\Beth\Downloads\OneDriveSetup.exe
    2016-04-06 12:52 - 2016-04-06 14:23 - 00000000 ____D C:\Users\Beth\AppData\Local\MicrosoftEdge
    2016-04-06 12:50 - 2016-04-06 12:52 - 00002397 _____ C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-04-06 12:48 - 2016-04-06 12:48 - 00000000 ____D C:\ProgramData\ATI
    2016-04-06 12:44 - 2016-04-06 12:44 - 00000000 ____D C:\Users\Beth\AppData\Local\Publishers
    2016-04-06 12:42 - 2016-04-06 16:03 - 00000000 ____D C:\Users\Beth\AppData\Local\Comms
    2016-04-06 12:41 - 2016-04-06 12:41 - 00000000 ____D C:\Users\Beth\AppData\Local\ActiveSync
    2016-04-06 12:39 - 2016-04-06 12:39 - 00000020 ___SH C:\Users\Beth\ntuser.ini
    2016-04-06 12:39 - 2016-04-06 12:39 - 00000000 ____D C:\Users\Beth\AppData\Local\TileDataLayer
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-04-06 12:29 - 2016-04-06 12:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-04-06 12:03 - 2016-04-06 12:03 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
    2016-04-06 12:03 - 2016-04-06 12:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2016-04-06 11:47 - 2016-04-06 11:47 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2016-04-06 11:44 - 2016-04-06 12:39 - 00000000 ____D C:\Users\Beth
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\My Documents
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Videos
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Pictures
    2016-04-06 11:44 - 2016-04-06 11:44 - 00000000 _SHDL C:\Users\Beth\Documents\My Music
    2016-04-06 11:43 - 2016-04-12 09:23 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-04-06 11:43 - 2016-04-06 11:43 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\ProgramData\AMD
    2016-04-06 11:40 - 2016-04-06 11:40 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-04-06 11:39 - 2016-04-07 11:52 - 00000000 ____D C:\ProgramData\Package Cache
    2016-04-06 11:39 - 2016-04-06 11:48 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2016-04-06 11:38 - 2016-04-06 12:56 - 00000000 ____D C:\Program Files\AMD
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 ____D C:\Program Files\Realtek
    2016-04-06 11:38 - 2016-04-06 11:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2016-04-06 11:37 - 2016-04-06 11:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2016-04-06 11:36 - 2016-04-06 11:36 - 00000000 ____D C:\Program Files\Synaptics
    2016-04-05 17:24 - 2016-04-05 17:24 - 00000000 ____D C:\Users\Beth\Documents\Avatar
    2016-04-05 15:59 - 2016-04-05 15:59 - 02001540 _____ C:\Users\Beth\Downloads\pc-decrapifier-3.0.0.exe
    2016-04-05 15:42 - 2016-04-06 12:24 - 00002092 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-04-05 15:42 - 2016-04-06 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-04-05 15:42 - 2016-04-05 15:42 - 06868672 _____ (Piriform Ltd) C:\Users\Beth\Downloads\ccsetup516.exe
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000000 ____D C:\Program Files\CCleaner
    2016-04-05 15:29 - 2016-04-05 15:29 - 00359194 _____ C:\Users\Beth\AppData\Local\census.cache
    2016-04-05 15:28 - 2016-04-05 15:28 - 00109915 _____ C:\Users\Beth\AppData\Local\ars.cache
    2016-04-05 14:31 - 2016-04-05 14:31 - 02406064 _____ (Trend Micro Inc.) C:\Users\Beth\Downloads\HousecallLauncher64.exe
    2016-04-05 14:31 - 2016-04-05 14:31 - 00000036 _____ C:\Users\Beth\AppData\Local\housecall.guid.cache
    2016-04-05 13:04 - 2016-04-11 17:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-04-05 13:04 - 2016-04-06 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-05 13:04 - 2016-04-05 13:04 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-05 13:04 - 2016-04-05 13:04 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-04-05 13:04 - 2016-04-05 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-05 13:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-04-05 13:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-04-05 13:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-04-05 12:55 - 2016-04-05 13:02 - 22851472 _____ (Malwarebytes ) C:\Users\Beth\Downloads\mbam-setup-2.2.1.1043.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-12 14:42 - 2013-07-25 17:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-12 12:36 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-04-12 12:36 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-04-12 12:35 - 2013-07-25 16:38 - 00000000 ____D C:\Users\Beth\AppData\Local\Packages
    2016-04-12 11:03 - 2014-12-13 18:50 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7D19124-2ED1-41AD-AE26-6233D0921A67}
    2016-04-12 09:23 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
    2016-04-12 09:23 - 2014-12-13 18:54 - 00000000 __RDO C:\Users\Beth\OneDrive
    2016-04-12 09:22 - 2014-10-02 18:43 - 00000000 ____D C:\ProgramData\MFAData
    2016-04-12 09:19 - 2013-07-25 17:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-12 09:16 - 2016-02-13 07:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-04-12 09:15 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-04-11 18:00 - 2013-07-25 17:09 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-11 18:00 - 2013-07-25 17:09 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-11 16:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-04-07 11:53 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-04-07 03:54 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-04-06 13:54 - 2013-08-10 15:25 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-04-06 13:47 - 2013-08-10 15:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-04-06 13:32 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-04-06 13:22 - 2016-02-13 07:03 - 00000000 ____D C:\Program Files\Windows Journal
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-04-06 13:22 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-04-06 13:22 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-04-06 13:22 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-04-06 13:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2016-04-06 13:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-04-06 13:03 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
    2016-04-06 13:03 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
    2016-04-06 13:03 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2016-04-06 13:03 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2016-04-06 13:03 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2016-04-06 12:53 - 2014-12-13 17:59 - 00000000 ____D C:\AMD
    2016-04-06 12:40 - 2016-02-13 07:20 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-04-06 12:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-04-06 12:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-04-06 12:28 - 2014-12-13 18:17 - 00030483 _____ C:\WINDOWS\diagwrn.xml
    2016-04-06 12:28 - 2014-12-13 18:17 - 00030483 _____ C:\WINDOWS\diagerr.xml
    2016-04-06 12:25 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-04-06 12:24 - 2016-01-26 19:45 - 00002236 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116tb_DELETE
    2016-04-06 12:24 - 2014-12-13 18:45 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-04-06 12:24 - 2013-07-25 17:15 - 00002808 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128070282-2949247487-322690973-1002
    2016-04-06 12:24 - 2013-07-25 17:07 - 00003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-04-06 12:24 - 2013-07-25 17:07 - 00003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-04-06 12:24 - 2013-04-04 04:42 - 00002316 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128070282-2949247487-322690973-500
    2016-04-06 12:24 - 2013-04-04 03:10 - 00002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
    2016-04-06 12:24 - 2013-04-04 02:49 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2016-04-06 12:15 - 2015-06-30 17:53 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-04-06 12:14 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-04-06 12:14 - 2015-10-30 01:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-04-06 12:14 - 2014-10-02 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-04-06 12:07 - 2016-02-13 07:11 - 00349312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-04-06 12:05 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-06 12:05 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-04-06 12:05 - 2015-02-14 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-04-06 12:05 - 2013-12-15 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-04-06 12:05 - 2013-09-05 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-04-06 12:05 - 2013-04-04 03:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2016-04-06 12:05 - 2013-04-04 02:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2016-04-06 12:05 - 2012-10-19 20:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-04-06 12:05 - 2012-10-19 20:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
    2016-04-06 12:05 - 2012-10-19 20:33 - 00000000 ____D C:\WINDOWS\en
    2016-04-06 12:03 - 2013-08-22 07:36 - 00000000 ____D C:\Users\Default.migrated
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
    2016-04-06 11:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2016-04-06 11:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-04-06 11:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-04-06 11:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-04-06 11:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-04-06 11:50 - 2014-11-10 17:19 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
    2016-04-06 11:50 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-04-06 11:49 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-04-06 11:48 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-04-06 11:48 - 2014-09-24 03:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
    2016-04-06 11:48 - 2013-07-25 16:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2016-04-06 11:48 - 2012-10-19 20:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2016-04-06 11:48 - 2012-10-19 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2016-04-06 11:48 - 2012-10-19 20:21 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2016-04-06 11:48 - 2012-08-03 16:29 - 00000000 ____D C:\ProgramData\PRICache
    2016-04-06 11:46 - 2014-12-28 17:28 - 00000000 ____D C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EndUserUpgradeTool
    2016-04-06 11:42 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-04-06 10:30 - 2016-02-13 08:21 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-04-05 17:25 - 2014-10-02 18:36 - 00000000 ____D C:\Users\Beth\Documents\Youcam
    2016-04-05 16:04 - 2013-08-14 22:32 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-04-05 15:56 - 2013-08-06 21:26 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-04-05 14:26 - 2014-10-02 18:43 - 00000000 ____D C:\Users\Beth\AppData\Local\Avg2015
    2016-04-05 11:05 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2016-03-18 10:44 - 2013-12-15 13:10 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2016-04-05 15:28 - 2016-04-05 15:28 - 0109915 _____ () C:\Users\Beth\AppData\Local\ars.cache
    2016-04-05 15:29 - 2016-04-05 15:29 - 0359194 _____ () C:\Users\Beth\AppData\Local\census.cache
    2016-04-05 14:31 - 2016-04-05 14:31 - 0000036 _____ () C:\Users\Beth\AppData\Local\housecall.guid.cache
    2013-07-25 16:40 - 2013-07-25 16:40 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some files in TEMP:
    ====================
    C:\Users\Beth\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Beth\AppData\Local\Temp\libeay32.dll
    C:\Users\Beth\AppData\Local\Temp\msvcr120.dll
    C:\Users\Beth\AppData\Local\Temp\sqlite3.dll
    C:\Users\Beth\AppData\Local\Temp\tmp64D2.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-06 11:34

    ==================== End of FRST.txt
     
  20. 2016/04/13
    broni

    broni Moderator Malware Analyst

    This is not the correct log.
     
  21. 2016/04/15
    mtnet

    mtnet Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Beth (2016-04-15 11:02:24)
    Running from C:\Users\Beth\Downloads
    Windows 10 Home Version 1511 (X64) (2016-04-06 18:38:22)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-128070282-2949247487-322690973-500 - Administrator - Disabled)
    Beth (S-1-5-21-128070282-2949247487-322690973-1002 - Administrator - Enabled) => C:\Users\Beth
    DefaultAccount (S-1-5-21-128070282-2949247487-322690973-503 - Limited - Disabled)
    Guest (S-1-5-21-128070282-2949247487-322690973-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-128070282-2949247487-322690973-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)
    AVG 2015 (Version: 15.0.4545 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.8.608 - AVG Technologies)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP Documentation (HKLM-x32\...\{711EA7BB-5FF5-487F-8379-46BB5696FE40}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VZ-TL-PC (HKLM-x32\...\{9A25A804-4303-4787-B2DE-99AD745B1CBB}) (Version: 1.1.6 - NEC CASIO Mobile Communications, Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-128070282-2949247487-322690973-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Beth\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02EE324A-60EF-40C6-AB37-38C185CF9015} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
    Task: {062B4743-26F9-4AA1-B3A4-AA0513A777D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-18] (Microsoft Corporation)
    Task: {0CAEEDEC-3F72-45B8-A8F1-F0B689821F1F} - System32\Tasks\AVG_SYS_TASK_0116tb_DELETE => C:\ProgramData\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
    Task: {0E6AB2C6-B461-41E7-9B73-2B47B9671611} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-01-07] (Synaptics Incorporated)
    Task: {0F372550-861D-43A9-BEC7-121494386F73} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {122909A1-99E1-4984-8054-4C516F597ED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {2DCF92D9-925A-492D-AC3D-CD88E2CFCA3D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3E1F5A42-BFD1-4606-8977-C257730EDC1A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
    Task: {52F52C53-501D-4612-957D-DF26CAB30FC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {6CBE3370-CB61-4A58-9209-5ECAAD29E94A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {6F069FB1-BE8F-442F-AD7C-0574138A5EAC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {6F4BCB05-1323-4300-9400-A2EF0BCC22CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {8E997508-5246-4C2B-B655-5530858CD8B2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9FC171D9-AF1F-4B55-A46E-AC9E39C60227} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {A375B280-728F-4C55-BCD7-8F0998CE9F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {C10E754A-EAE3-44C7-9BBC-45E7F009DBAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {C158A210-27D2-4ECA-9E23-FC4F5A7F8626} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CF4C1BA7-89D7-4B86-9402-88E2C825DBB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DF307D46-2137-4F76-AFAF-C9AB8EBD2815} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E47EE88C-02EA-43A7-9BBD-B3BFDBE4F9C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {E51E7408-FCB1-4790-8201-DBD549CAF3F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E99D8317-5B85-4094-96DB-B6261778E7ED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {F31C59BA-058C-459F-A041-664235BD8D08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F5D15715-5267-4512-8FE4-51DE879EF34C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {FB70780F-67AE-48FE-8E15-8960C08627DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FCFC7056-38C9-4891-9E73-EFFAD80C8EA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_DELETE.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-25 12:24 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-04-13 10:57 - 2016-03-29 04:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 10:57 - 2016-03-29 04:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-28 21:29 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-04-13 10:56 - 2016-04-01 20:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-04-13 10:57 - 2016-04-01 20:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-02-13 06:54 - 2016-02-13 06:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-04-13 10:55 - 2016-04-01 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-04-13 10:56 - 2016-04-01 21:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-04-13 10:56 - 2016-04-01 21:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-04-13 10:57 - 2016-04-01 21:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-13 10:56 - 2016-04-01 20:58 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
    2015-10-30 01:18 - 2016-02-13 07:03 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
    2015-10-30 01:18 - 2016-02-13 07:03 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
    2015-10-30 01:18 - 2016-02-13 07:02 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
    2016-04-06 13:47 - 2016-04-06 13:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2016-04-06 13:48 - 2016-04-06 13:48 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2016-03-18 10:40 - 2016-03-18 10:40 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2016-04-06 13:47 - 2016-04-06 13:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-06 13:47 - 2016-04-06 13:48 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-04-11 17:59 - 2016-04-06 04:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
    2016-04-11 17:59 - 2016-04-06 04:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-128070282-2949247487-322690973-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    DNS Servers: 192.168.5.130 - 206.127.64.131
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "APSDaemon "
    HKLM\...\StartupApproved\Run32: => "AVG_UI "
    HKLM\...\StartupApproved\Run32: => "vProt "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{B98F739D-11A8-465A-99D1-73BF020495E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{C2E021DB-8205-459F-9736-87F5BCD4870D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{4BC6176B-CEB0-4052-B491-35D628C98FCA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{331E8D1A-45D2-4F08-85B7-22216C14225F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{B1139CBB-9C11-4C6F-A77E-BD9FF741299D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{694189EB-7288-4870-899E-DE7E7156FBF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{37D0D5CF-704E-4D1D-9703-924A4B9760D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7DE9B8C1-4D82-4EB5-85E7-F0F41202E436}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7DB68511-DD4C-4633-9C43-3273109A5632}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4E7A5851-3D0E-4EB3-B55C-FE8383063AED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{63F1E2F1-B597-4815-866C-1AD074CBA59B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{FDD7D54A-758A-479D-AAEC-3ACBEC4D9405}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{700F49E4-DFCA-4578-A171-33287B230557}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{CFB81582-BEFD-43B3-AF8A-6106CF8E47B8}] => (Allow) LPort=2869
    FirewallRules: [{0EB35F5A-3462-4420-8D1B-939E8E630BCF}] => (Allow) LPort=1900
    FirewallRules: [{274CDE73-75C0-4514-8167-FDA5AE96C20A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{6AC1C35D-3346-4ED0-BBB0-3F30F20C6299}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{785AE4E5-DF6B-4E62-948C-D8DE6B0397C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{156676FB-2714-4E44-9E02-50BD1716B874}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{ED1153AB-1C7B-4F69-A558-1ACD1B20E9E0}] => (Allow) LPort=53000
    FirewallRules: [{702D94DF-EE39-4BE8-B25E-189390195392}] => (Allow) LPort=52000

    ==================== Restore Points =========================

    07-04-2016 11:51:43 Windows Update
    11-04-2016 18:01:44 Windows Update
    12-04-2016 09:22:28 JRT Pre-Junkware Removal
    13-04-2016 12:29:43 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============

    Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
    Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Qualcomm Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/14/2016 09:40:47 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/14/2016 12:53:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0010003
    Fault offset: 0x001fbcdc
    Faulting process id: 0x1574
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (04/13/2016 12:29:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (04/12/2016 09:23:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x001f38a8
    Faulting process id: 0x1dac
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (04/12/2016 09:23:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/12/2016 09:22:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (04/11/2016 06:02:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (04/11/2016 04:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETHSPC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/11/2016 04:09:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.122, time stamp: 0x56cc0133
    Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cbf9dd
    Exception code: 0xc0000374
    Fault offset: 0x00000000000ee6dc
    Faulting process id: 0x514
    Faulting application start time: 0xShellExperienceHost.exe0
    Faulting application path: ShellExperienceHost.exe1
    Faulting module path: ShellExperienceHost.exe2
    Report Id: ShellExperienceHost.exe3
    Faulting package full name: ShellExperienceHost.exe4
    Faulting package-relative application ID: ShellExperienceHost.exe5

    Error: (04/11/2016 04:08:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BETHSPC)
    Description: Package Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.


    System errors:
    =============
    Error: (04/14/2016 12:41:39 PM) (Source: DCOM) (EventID: 10016) (User: BETHSPC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BethsPCBethS-1-5-21-128070282-2949247487-322690973-1002LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795

    Error: (04/14/2016 10:00:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Sync Host_43ae2 service terminated with the following error:
    %%5

    Error: (04/14/2016 10:00:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The User Data Access_43ae2 service terminated with the following error:
    %%2147746132

    Error: (04/14/2016 10:00:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_43ae2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/14/2016 10:00:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_43ae2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/14/2016 10:00:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_43ae2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/14/2016 10:00:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_43ae2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/14/2016 10:00:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/12/2016 12:41:22 PM) (Source: DCOM) (EventID: 10016) (User: BETHSPC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BethsPCBethS-1-5-21-128070282-2949247487-322690973-1002LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795

    Error: (04/12/2016 09:23:43 AM) (Source: DCOM) (EventID: 10010) (User: BETHSPC)
    Description: CortanaUI.AppXx19q0gyvntjc9d3jsjsfaertqgy617se.mca


    CodeIntegrity:
    ===================================
    Date: 2016-04-14 10:08:18.490
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-14 01:17:47.100
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-07 11:55:42.161
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-06 12:15:42.574
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-06 12:12:07.248
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-06 11:36:27.570
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD E1-1500 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 47%
    Total physical RAM: 3682.26 MB
    Available physical RAM: 1944.87 MB
    Total Virtual: 4322.26 MB
    Available Virtual: 2322.34 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:274.4 GB) (Free:213.15 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.72 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 1E1F4777)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
