Possible Trojan/Rootkit?

This is a discussion on Possible Trojan/Rootkit? within the Resolved HJT Threads forums, part of the Tech Support Forum category.
10-19-2016, 04:35 AM   #1
Registered Member
Join Date: Oct 2016
Posts: 12
OS: Windows 10



Hi, I'm experiencing an issue where I can't open any of the icons on my taskbar, can't access pictures (The remote procedure call failed.) and I can't access video files (Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.). For reference, it sounds a lot like a previous thread I read (https://www.techsupportforum.com/foru...-425946-2.html); however, I'd rather have live support than follow the steps there.

I have ZoneAlarm firewall and BitDefender Antivirus active.

[LOGS]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.101.2
Run by Andrew Hoyland at 22:29:32 on 2016-10-19
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.12238.8202 [GMT 11:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
svchost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Andrew Hoyland\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Hoyland\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Users\Andrew Hoyland\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Users\Andrew Hoyland\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWoW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\LocationNotificationWindows.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
uRun: [Dropbox Update] "C:\Users\Andrew Hoyland\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [BingSvc] C:\Users\Andrew Hoyland\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [f.lux] "C:\Users\Andrew Hoyland\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Discord] C:\Users\Andrew Hoyland\AppData\Local\Discord\app-0.0.296\Discord.exe
uRunOnce: [Uninstall C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
uRunOnce: [Uninstall C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [PDVD9LanguageShortcut] c:\program files (x86)\cyberlink\powerdvd9\language\language.exe
mRun: [IAStorIcon] c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [UpdReg] C:\WINDOWS\UpdReg.EXE
mRun: [Sound Blaster Recon3Di Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0091-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{e02bb29d-6561-449e-a9d4-66ecb8a3b9d0} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{e02bb29d-6561-449e-a9d4-66ecb8a3b9d0}\1405F5631363633313336383 : DHCPNameServer = 10.10.100.254
TCP: Interfaces\{f5f7a027-09a3-4ec5-8987-e6a47d68c131} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Command Center Controllers] c:\program files\alienware\command center\awccstartuporchestrator.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\System32\drivers\EMSC.sys [2009-6-27 16752]
R0 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-7-16 45920]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\WINDOWS\System32\drivers\iusb3hcs.sys [2013-5-18 16152]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2013-5-17 56336]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\WINDOWS\System32\drivers\stdcfltn.sys [2013-5-18 22128]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-26 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-7-16 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 gzflt;gzflt;C:\WINDOWS\System32\drivers\gzflt.sys [2016-6-28 148696]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-8-24 744640]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2207960]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-2-10 14664]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_53549;CDPUserSvc_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 CtHdaSvc;Sound Core3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2015-6-12 133640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2016-6-28 79552]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-17 13592]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-9-22 455616]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2016-9-22 1163712]
R2 OneSyncSvc_53549;Sync Host_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2013-5-17 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-9-22 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2016-6-30 114424]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-1-10 195584]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\drivers\CtClsFlt.sys [2013-5-17 172704]
R3 cthda;Sound Core3D(CtHda.sys);C:\WINDOWS\System32\drivers\cthda.sys [2015-6-12 1075496]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2015-8-15 19440]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 kiox_ff_driver;Kionix freefall detection service;C:\WINDOWS\System32\drivers\kiox_ff_driver.sys [2015-6-15 41456]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C62x64.sys [2014-4-21 128200]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2016-7-16 3343872]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-6-16 46016]
R3 PimIndexMaintenanceSvc_53549;Contact Data_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\WINDOWS\System32\drivers\RtsPStor.sys [2015-6-3 374016]
R3 Sftfs;Sftfs;C:\WINDOWS\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\WINDOWS\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\WINDOWS\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\WINDOWS\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_53549;User Data Storage_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-11 54784]
R3 UserDataSvc_53549;User Data Access_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2016-6-28 121928]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/05/17 07:35:01;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-12 248304]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-5-23 324224]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-1-10 195584]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 avckf;avckf;C:\WINDOWS\System32\drivers\avckf.sys [2016-6-28 593144]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-7-16 117248]
S3 CEDRIVER60;CEDRIVER60;C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [2015-5-9 64064]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2016-3-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-3-17 79360]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EasyAntiCheat;EasyAntiCheat;C:\WINDOWS\System32\EasyAntiCheat.exe --> C:\WINDOWS\System32\EasyAntiCheat.exe [?]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_53549;MessagingService_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\WINDOWS\System32\drivers\nusb3hub.sys [2012-3-2 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\WINDOWS\System32\drivers\nusb3xhc.sys [2012-3-2 180736]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-9-22 455616]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-10-11 27584]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\WINDOWS\System32\drivers\nvstusb.sys [2013-5-18 449384]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\WINDOWS\System32\drivers\ScreamingBAudio64.sys [2014-2-7 38992]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 tap0901cn;Speedify Virtual Adapter;C:\WINDOWS\System32\drivers\tap0901cn.sys [2014-12-6 39616]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 VBAudioVACMME;@oem43.inf,%DeviceName% (WDM);VB-Audio Virtual Cable (WDM);C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [2014-10-11 41192]
S3 VBAudioVMAUXVAIOMME;@oem185.inf,%DeviceName% (WDM);VB-Audio VoiceMeeter AUX VAIO (WDM);C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win7.sys [2015-9-5 41192]
S3 VBAudioVMVAIOMME;@oem184.inf,%DeviceName% (WDM);VB-Audio VoiceMeeter VAIO (WDM);C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win7.sys [2015-9-5 41192]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-30 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_53549;Windows Push Notifications User Service_53549;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-7-16 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-1 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-10-18 08:21:39 -------- d-----w- C:\extensions
2016-10-12 01:56:40 6183104 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2016-10-11 22:45:07 73216 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-10-11 22:45:07 4136960 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2016-10-11 22:45:07 122880 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-10-11 22:45:03 1656832 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2016-10-11 22:45:00 775168 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2016-10-11 22:45:00 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2016-10-10 06:22:59 -------- d-----w- C:\Users\Andrew Hoyland\AppData\Local\Deployment
2016-09-30 23:36:16 229048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-09-30 08:12:45 -------- d-----w- C:\Users\Andrew Hoyland\AppData\Local\SLAM
2016-09-30 02:34:59 813568 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
2016-09-30 02:33:59 988512 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-09-22 09:46:43 134712 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2016-09-22 09:46:27 261920 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-09-22 09:46:27 125216 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-09-22 09:46:26 269600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-09-22 09:46:26 110880 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-09-22 08:33:59 120256 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2016-09-22 08:33:58 1842624 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2016-09-22 08:33:58 1755072 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2016-09-22 08:33:58 1317312 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2016-09-22 08:33:57 1444288 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2016-09-22 08:33:20 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
.
==================== Find3M ====================
.
2016-10-19 10:36:32 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-10-19 10:32:24 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-10-19 10:11:22 153072 ------w- C:\WINDOWS\System32\drivers\rikvm_9EC60124.sys
2016-10-11 21:47:40 177664 ----a-w- C:\WINDOWS\SysWow64\Windows.Web.Diagnostics.dll
2016-10-11 21:47:28 783360 ----a-w- C:\WINDOWS\SysWow64\TSWorkspace.dll
2016-10-05 10:35:31 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2016-10-05 10:34:30 894088 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-10-05 10:34:29 1051104 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-10-05 10:33:05 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2016-10-05 10:31:27 2213248 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-10-05 10:31:04 1353768 ----a-w- C:\WINDOWS\System32\winload.efi
2016-10-05 10:31:04 1172472 ----a-w- C:\WINDOWS\System32\winload.exe
2016-10-05 10:30:04 7812448 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-10-05 10:22:30 1181536 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2016-10-05 10:17:31 1322848 ----a-w- C:\WINDOWS\System32\wpx.dll
2016-10-05 10:16:12 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2016-10-05 10:13:51 1859264 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2016-10-05 10:13:34 146784 ----a-w- C:\WINDOWS\System32\CloudExperienceHostCommon.dll
2016-10-05 10:12:49 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-10-05 10:12:25 2446696 ----a-w- C:\WINDOWS\System32\msxml6.dll
2016-10-05 10:12:12 1112928 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2016-10-05 10:09:21 4129928 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-10-05 10:09:12 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-05 10:09:12 1071728 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-10-05 10:09:07 64352 ----a-w- C:\WINDOWS\System32\drivers\MegaSas2i.sys
2016-10-05 10:08:36 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-10-05 10:04:52 628032 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-10-05 10:04:02 2537824 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2016-10-05 10:03:25 1705976 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-10-05 09:51:04 1430720 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2016-10-05 09:50:41 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2016-10-05 09:49:21 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2016-10-05 09:48:51 1022304 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2016-10-05 09:46:27 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-10-05 09:46:20 1360456 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-10-05 09:46:15 980824 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-10-05 09:44:01 22568960 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-10-05 09:41:58 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-10-05 09:38:50 584192 ----a-w- C:\WINDOWS\System32\UIRibbonRes.dll
2016-10-05 09:38:10 237568 ----a-w- C:\WINDOWS\System32\Windows.Web.Diagnostics.dll
2016-10-05 09:36:20 113664 ----a-w- C:\WINDOWS\System32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-05 09:35:56 101888 ----a-w- C:\WINDOWS\System32\UserDeviceRegistration.Ngc.dll
2016-10-05 09:35:55 196096 ----a-w- C:\WINDOWS\System32\UserDeviceRegistration.dll
2016-10-05 09:35:28 327680 ----a-w- C:\WINDOWS\System32\wc_storage.dll
2016-10-05 09:35:26 352768 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2016-10-05 09:34:11 144896 ----a-w- C:\WINDOWS\System32\drivers\dfsc.sys
2016-10-05 09:34:07 463360 ----a-w- C:\WINDOWS\System32\daxexec.dll
2016-10-05 09:33:53 296960 ----a-w- C:\WINDOWS\System32\mfsensorgroup.dll
2016-10-05 09:33:50 157696 ----a-w- C:\WINDOWS\System32\credprovs.dll
2016-10-05 09:33:18 651264 ----a-w- C:\WINDOWS\System32\Windows.Devices.AllJoyn.dll
2016-10-05 09:33:11 268800 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2016-10-05 09:32:52 223744 ----a-w- C:\WINDOWS\System32\Windows.Networking.HostName.dll
2016-10-05 09:32:27 379904 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2016-10-05 09:32:19 590336 ----a-w- C:\WINDOWS\System32\efswrt.dll
2016-10-05 09:32:09 146432 ----a-w- C:\WINDOWS\System32\AuthBroker.dll
2016-10-05 09:31:59 837632 ----a-w- C:\WINDOWS\System32\wbiosrvc.dll
2016-10-05 09:31:53 425472 ----a-w- C:\WINDOWS\System32\bcdedit.exe
2016-10-05 09:31:50 561664 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Wallet.dll
2016-10-05 09:31:41 176128 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2016-10-05 09:31:29 58880 ----a-w- C:\WINDOWS\SysWow64\ConfigureExpandedStorage.dll
2016-10-05 09:31:26 480768 ----a-w- C:\WINDOWS\System32\dsreg.dll
2016-10-05 09:31:11 748544 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2016-10-05 09:30:16 396800 ----a-w- C:\WINDOWS\System32\ncsi.dll
2016-10-05 09:29:58 956416 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.desktop.dll
2016-10-05 09:29:27 1145856 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2016-10-05 09:29:19 368640 ----a-w- C:\WINDOWS\System32\nlasvc.dll
2016-10-05 09:29:14 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-05 09:29:12 9129984 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-10-05 09:28:35 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2016-10-05 09:28:30 406016 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-10-05 09:28:24 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2016-10-05 09:28:20 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-10-05 09:28:06 123904 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.HostName.dll
2016-10-05 09:27:14 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2016-10-05 09:27:13 87040 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-05 09:27:05 945664 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2016-10-05 09:26:58 327680 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2016-10-05 09:26:48 137216 ----a-w- C:\WINDOWS\SysWow64\credprovs.dll
2016-10-05 09:26:46 620544 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2016-10-05 09:26:34 88576 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.Ngc.dll
2016-10-05 09:26:33 590848 ----a-w- C:\WINDOWS\System32\vbscript.dll
2016-10-05 09:26:09 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2016-10-05 09:26:06 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-10-05 09:25:56 1589248 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-10-05 09:25:36 299520 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2016-10-05 09:25:14 117760 ----a-w- C:\WINDOWS\SysWow64\AuthBroker.dll
2016-10-05 09:25:08 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-10-05 09:25:04 404992 ----a-w- C:\WINDOWS\SysWow64\dsreg.dll
2016-10-05 09:24:41 99328 ----a-w- C:\WINDOWS\System32\adsmsext.dll
2016-10-05 09:24:09 483840 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
2016-10-05 09:23:45 426496 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
2016-10-05 09:23:38 187904 ----a-w- C:\WINDOWS\System32\dialclient.dll
2016-10-05 09:23:27 284672 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2016-10-05 09:23:27 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-10-05 09:23:14 125952 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2016-10-05 09:23:05 431616 ----a-w- C:\WINDOWS\SysWow64\efswrt.dll
2016-10-05 09:22:55 7654912 ----a-w- C:\WINDOWS\System32\mos.dll
2016-10-05 09:22:16 73216 ----a-w- C:\WINDOWS\System32\offreg.dll
2016-10-05 09:22:08 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-10-05 09:21:45 8075264 ----a-w- C:\WINDOWS\System32\mstscax.dll
2011-12-20 23:32:52 81608 -csha-w- C:\WINDOWS\Panther\Rollback\Boot\Info.exe
.
============= FINISH: 22:30:42.32 ===============
Attached Files
File Type: txt attach.txt (20.0 KB, 51 views)
 
Old 10-19-2016, 07:55 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 10-19-2016, 08:25 PM   #3
Registered Member
 
Join Date: Oct 2016
Posts: 12
OS: Windows 10



Thank you for your reply,

[Here are my AdwCleaner Logs:]

# AdwCleaner v6.030 - Logfile created 20/10/2016 at 14:08:25
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Andrew Hoyland - MININT-S3JC059
# Running from : C:\Users\Andrew Hoyland\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\{fe91ae80-e582-f0e9-fe91-1ae80e58ba03}
[-] Folder deleted: C:\Users\Andrew Hoyland\AppData\Local\DriverToolkit
[-] Folder deleted: C:\ProgramData\TweakBit
[-] Folder deleted: C:\ProgramData\lavasoft\web companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\TweakBit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\lavasoft\web companion
[-] Folder deleted: C:\Program Files (x86)\pc speed up
[-] Folder deleted: C:\Program Files (x86)\SoftUpgrade
[#] Folder deleted on reboot: C:\Program Files (x86)\PC Speed Up
[-] Folder deleted: C:\extensions
[-] Folder deleted: C:\uninst


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WeatherChiknSrvr
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\simplytech
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\WEBAPP
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\SIMPLYTECH
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[-] Key deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\simplytech
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\SIMPLYTECH
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEARCHPROTECT
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\simplytech
[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: [x64] HKCU\Software\SIMPLYTECH
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Value deleted: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ProxyGate]


***** [ Web browsers ] *****

[-] [C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={D469A95B-849E-46DC-8F12-C12F0F4E2CC3}&mid=8d5169c3f7d347d2b2a0b17f9b57aec2-7ac0edc46c9c23446e8bbd472873265d52d5bd07&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-13 21:46:49&v=18.0.5.292&pid=safeguard&sg=&sap=hp
[-] [C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://mysearch.avg.com?cid={D469A95B-849E-46DC-8F12-C12F0F4E2CC3}&mid=8d5169c3f7d347d2b2a0b17f9b57aec2-7ac0edc46c9c23446e8bbd472873265d52d5bd07&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-13 21:46:49&v=18.0.5.292&pid=safeguard&sg=&sap=hp


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9204 Bytes] - [20/10/2016 14:08:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [8630 Bytes] - [20/10/2016 1416]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9350 Bytes] ##########

Will post FRST.txt in next reply as the character limit was reached
Attached Files
File Type: txt Addition.txt (68.5 KB, 31 views)
 
Old 10-19-2016, 08:27 PM   #4
Registered Member
 
Join Date: Oct 2016
Posts: 12
OS: Windows 10



[And here is the Frst.txt Log:]


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Andrew Hoyland (administrator) on MININT-S3JC059 (20-10-2016 14:13:11)
Running from C:\Users\Andrew Hoyland\Downloads
Loaded Profiles: Andrew Hoyland (Available Profiles: Andrew Hoyland)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(NVIDIA Corporation) C:\Users\Andrew Hoyland\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Failed to access process -> ShellExperienceHost.exe
Failed to access process -> SearchUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
Failed to access process -> ShellExperienceHost.exe
Failed to access process -> SearchUI.exe
Failed to access process -> SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Andrew Hoyland\AppData\Local\FluxSoftware\Flux\flux.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
Failed to access process -> SearchUI.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
Failed to access process -> SearchUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
Failed to access process -> SearchUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> ShellExperienceHost.exe
Failed to access process -> ShellExperienceHost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
Failed to access process -> SearchUI.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> backgroundTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7420.23751.0_x64__8wekyb3d8bbwe\HubTaskHost.exe
Failed to access process -> backgroundTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
Failed to access process -> backgroundTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.25021.0_x64__8wekyb3d8bbwe\Music.UI.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-16] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => c:\program files\alienware\command center\awccstartuporchestrator.exe [12616 2012-02-10] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-02] ()
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\program files (x86)\cyberlink\powerdvd9\language\language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [Dropbox Update] => C:\Users\Andrew Hoyland\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [BingSvc] => C:\Users\Andrew Hoyland\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [f.lux] => C:\Users\Andrew Hoyland\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\Run: [Discord] => C:\Users\Andrew Hoyland\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\RunOnce: [Uninstall C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\...\RunOnce: [Uninstall C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Hoyland\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andrew Hoyland\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e02bb29d-6561-449e-a9d4-66ecb8a3b9d0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f5f7a027-09a3-4ec5-8987-e6a47d68c131}: [DhcpNameServer] 192.168.0.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3497426211-1140279176-3504571802-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Andrew Hoyland\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3497426211-1140279176-3504571802-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew Hoyland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={D469A95B-849E-46DC-8F12-C12F0F4E2CC3}&mid=8d5169c3f7d347d2b2a0b17f9b57aec2-7ac0edc46c9c23446e8bbd472873265d52d5bd07&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-13 21:46:49&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
CHR Profile: C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default [2016-09-28]
CHR Extension: (Google Slides) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-28]
CHR Extension: (Google Docs) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
CHR Extension: (Google Drive) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28]
CHR Extension: (YouTube) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28]
CHR Extension: (Google Sheets) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-28]
CHR Extension: (Gmail) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR Profile: C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default [2016-10-20]
CHR Extension: (Google Docs) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
CHR Extension: (Google Drive) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28]
CHR Extension: (YouTube) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-28]
CHR Extension: (ThemeBeta.com) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghilfaildbliabminafflhclhpfenggp [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-28]
CHR Extension: (Hover Zoom+) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-10-06]
CHR Extension: (Gmail) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew Hoyland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-12] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-03-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-03-17] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [133640 2015-06-12] (Creative Technology Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [240416 2016-06-14] (EasyAntiCheat Ltd)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1075496 2015-06-12] (Creative Technology Ltd)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-08-15] (OSR Open Systems Resources, Inc.)
R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 kiox_ff_driver; C:\WINDOWS\System32\drivers\kiox_ff_driver.sys [41456 2015-06-15] (Kionix, Inc.)
R3 L1C; C:\WINDOWS\System32\drivers\L1C62x64.sys [128200 2014-04-21] (Qualcomm Atheros Co., Ltd.)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_86f2ae812568c59a\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-09-02] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 tap0901cn; C:\WINDOWS\System32\DRIVERS\tap0901cn.sys [39616 2014-09-29] (Connectify)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2015-09-05] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-09-05] (Windows (R) Win 7 DDK provider)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [462296 2016-07-28] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
Old 10-19-2016, 08:28 PM   #5

2016-10-20 14:13 - 2016-10-20 14:17 - 00028617 _____ C:\Users\Andrew Hoyland\Downloads\FRST.txt
2016-10-20 14:12 - 2016-10-20 14:13 - 00000000 ____D C:\FRST
2016-10-20 14:04 - 2016-10-20 14:04 - 02407424 _____ (Farbar) C:\Users\Andrew Hoyland\Downloads\FRST64.exe
2016-10-20 14:03 - 2016-10-20 14:03 - 03910208 _____ C:\Users\Andrew Hoyland\Desktop\AdwCleaner.exe
2016-10-19 21:25 - 2016-10-19 21:26 - 00688992 ____R (Swearware) C:\Users\Andrew Hoyland\Downloads\dds.scr
2016-10-19 21:17 - 2016-10-19 21:17 - 00380928 _____ C:\Users\Andrew Hoyland\Downloads\t6cudc8e.exe
2016-10-19 21:16 - 2016-10-19 21:22 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Andrew Hoyland\Downloads\mbar-1.09.3.1001.exe
2016-10-19 21:14 - 2016-10-19 21:17 - 05200384 _____ (AVAST Software) C:\Users\Andrew Hoyland\Downloads\aswmbr.exe
2016-10-19 21:12 - 2016-10-19 21:16 - 00288660 _____ C:\TDSSKiller.3.1.0.11_19.10.2016_21.12.07_log.txt
2016-10-19 21:01 - 2016-10-19 21:10 - 00004510 _____ C:\TDSSKiller.3.1.0.11_19.10.2016_21.01.07_log.txt
2016-10-19 20:53 - 2016-10-19 21:01 - 00567002 _____ C:\TDSSKiller.3.1.0.11_19.10.2016_20.53.24_log.txt
2016-10-19 19:50 - 2016-10-19 21:10 - 00000241 _____ C:\Users\Andrew Hoyland\Desktop\New Text Document (2).txt
2016-10-18 19:28 - 2016-10-18 19:29 - 00288340 _____ C:\TDSSKiller.3.1.0.11_18.10.2016_19.28.02_log.txt
2016-10-18 19:27 - 2016-08-05 13:14 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Andrew Hoyland\Desktop\TDSSKiller.exe
2016-10-18 19:24 - 2016-10-18 19:24 - 00000364 _____ C:\TDSSKiller.3.1.0.9_18.10.2016_19.24.50_log.txt
2016-10-18 19:21 - 2016-09-16 18:37 - 00000269 _____ C:\browcorp_settings.json
2016-10-18 19:21 - 2016-09-12 10:31 - 00000158 _____ C:\viewer.svg
2016-10-18 18:54 - 2016-10-18 18:54 - 00001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.2.lnk
2016-10-18 18:53 - 2016-10-18 18:53 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-10-18 18:38 - 2016-10-18 18:54 - 00000000 ____D C:\Program Files\Adobe
2016-10-18 18:31 - 2016-10-18 18:31 - 00001308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-10-18 18:31 - 2016-10-18 18:31 - 00001296 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-10-17 19:25 - 2016-10-19 23:24 - 00009650 _____ C:\Users\Andrew Hoyland\Desktop\Piano Goals 17-10-2016.xlsx
2016-10-17 19:11 - 2016-10-18 21:57 - 00008335 _____ C:\Users\Andrew Hoyland\Desktop\Valient Hearts.xlsx
2016-10-12 12:56 - 2016-10-12 12:56 - 06183104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-10-12 09:48 - 2016-10-05 21:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-12 09:48 - 2016-10-05 20:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 09:48 - 2016-10-05 20:50 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 09:48 - 2016-10-05 20:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 09:48 - 2016-10-05 20:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-12 09:48 - 2016-10-05 20:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-12 09:48 - 2016-10-05 20:46 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-12 09:48 - 2016-10-05 20:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-12 09:48 - 2016-10-05 20:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-12 09:48 - 2016-10-05 20:45 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-12 09:48 - 2016-10-05 20:41 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-12 09:48 - 2016-10-05 20:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 09:48 - 2016-10-05 20:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-12 09:48 - 2016-10-05 20:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-12 09:48 - 2016-10-05 20:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 09:48 - 2016-10-05 20:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 09:48 - 2016-10-05 20:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 09:48 - 2016-10-05 20:26 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-12 09:48 - 2016-10-05 20:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-12 09:48 - 2016-10-05 20:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-12 09:48 - 2016-10-05 20:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-12 09:48 - 2016-10-05 20:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 09:48 - 2016-10-05 20:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-12 09:48 - 2016-10-05 20:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-12 09:48 - 2016-10-05 20:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-12 09:48 - 2016-10-05 20:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-12 09:48 - 2016-10-05 20:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 09:48 - 2016-10-05 20:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-12 09:48 - 2016-10-05 20:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 09:48 - 2016-10-05 20:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-12 09:48 - 2016-10-05 20:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-12 09:48 - 2016-10-05 20:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-12 09:48 - 2016-10-05 20:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-12 09:48 - 2016-10-05 20:21 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-12 09:48 - 2016-10-05 20:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-12 09:48 - 2016-10-05 20:18 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-12 09:48 - 2016-10-05 20:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-12 09:48 - 2016-10-05 20:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 09:48 - 2016-10-05 20:16 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-12 09:48 - 2016-10-05 20:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 09:48 - 2016-10-05 20:15 - 07625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 09:48 - 2016-10-05 20:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-12 09:48 - 2016-10-05 20:14 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 09:48 - 2016-10-05 20:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 09:48 - 2016-10-05 20:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 09:48 - 2016-10-05 20:13 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 09:48 - 2016-10-05 20:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 09:48 - 2016-10-05 20:11 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 09:48 - 2016-10-05 20:11 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-12 09:48 - 2016-10-05 20:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 09:48 - 2016-10-05 20:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-12 09:48 - 2016-10-05 20:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-12 09:48 - 2016-10-05 20:09 - 07467520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-12 09:48 - 2016-10-05 20:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-12 09:48 - 2016-10-05 20:09 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 09:48 - 2016-10-05 20:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-12 09:48 - 2016-10-05 20:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 09:48 - 2016-10-05 20:09 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-12 09:48 - 2016-10-05 20:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 09:48 - 2016-10-05 20:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-12 09:48 - 2016-10-05 20:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-12 09:48 - 2016-10-05 20:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 09:48 - 2016-10-05 20:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-12 09:48 - 2016-10-05 20:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-12 09:48 - 2016-10-05 20:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 09:48 - 2016-10-05 20:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-12 09:48 - 2016-10-05 20:07 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-12 09:48 - 2016-10-05 20:06 - 02254336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-12 09:48 - 2016-10-05 20:06 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-12 09:48 - 2016-10-05 20:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-12 09:48 - 2016-10-05 20:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 09:45 - 2016-10-05 20:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-12 09:45 - 2016-10-05 20:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-12 09:45 - 2016-10-05 20:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-12 09:45 - 2016-10-05 20:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 09:45 - 2016-10-05 20:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-12 09:44 - 2016-10-05 21:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-12 09:44 - 2016-10-05 21:34 - 01051104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 09:44 - 2016-10-05 21:34 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 09:44 - 2016-10-05 21:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 09:44 - 2016-10-05 21:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-12 09:44 - 2016-10-05 21:31 - 01353768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 09:44 - 2016-10-05 21:31 - 01172472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 09:44 - 2016-10-05 21:30 - 07812448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 09:44 - 2016-10-05 21:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-12 09:44 - 2016-10-05 21:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 09:44 - 2016-10-05 21:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-12 09:44 - 2016-10-05 21:13 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 09:44 - 2016-10-05 21:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-12 09:44 - 2016-10-05 21:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-12 09:44 - 2016-10-05 21:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-12 09:44 - 2016-10-05 21:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-12 09:44 - 2016-10-05 21:12 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-12 09:44 - 2016-10-05 21:09 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 09:44 - 2016-10-05 21:09 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-12 09:44 - 2016-10-05 21:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-12 09:44 - 2016-10-05 21:09 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-12 09:44 - 2016-10-05 21:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-12 09:44 - 2016-10-05 21:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-12 09:44 - 2016-10-05 21:04 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-12 09:44 - 2016-10-05 21:04 - 00628032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-12 09:44 - 2016-10-05 20:44 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-12 09:44 - 2016-10-05 20:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-12 09:44 - 2016-10-05 20:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-12 09:44 - 2016-10-05 20:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 09:44 - 2016-10-05 20:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-12 09:44 - 2016-10-05 20:35 - 00327680 _____ C:\WINDOWS\system32\wc_storage.dll
2016-10-12 09:44 - 2016-10-05 20:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-12 09:44 - 2016-10-05 20:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 09:44 - 2016-10-05 20:34 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-12 09:44 - 2016-10-05 20:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 09:44 - 2016-10-05 20:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-12 09:44 - 2016-10-05 20:33 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-12 09:44 - 2016-10-05 20:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-12 09:44 - 2016-10-05 20:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-12 09:44 - 2016-10-05 20:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-12 09:44 - 2016-10-05 20:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-12 09:44 - 2016-10-05 20:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-12 09:44 - 2016-10-05 20:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-12 09:44 - 2016-10-05 20:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-12 09:44 - 2016-10-05 20:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-12 09:44 - 2016-10-05 20:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 09:44 - 2016-10-05 20:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-12 09:44 - 2016-10-05 20:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 09:44 - 2016-10-05 20:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-12 09:44 - 2016-10-05 20:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-12 09:44 - 2016-10-05 20:29 - 09129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 09:44 - 2016-10-05 20:29 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-12 09:44 - 2016-10-05 20:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-12 09:44 - 2016-10-05 20:29 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-12 09:44 - 2016-10-05 20:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-12 09:44 - 2016-10-05 20:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-12 09:44 - 2016-10-05 20:28 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-12 09:44 - 2016-10-05 20:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-12 09:44 - 2016-10-05 20:26 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 09:44 - 2016-10-05 20:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 09:44 - 2016-10-05 20:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-12 09:44 - 2016-10-05 20:24 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 09:44 - 2016-10-05 20:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 09:44 - 2016-10-05 20:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-12 09:44 - 2016-10-05 20:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-12 09:44 - 2016-10-05 20:22 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 09:44 - 2016-10-05 20:22 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-12 09:44 - 2016-10-05 20:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-12 09:44 - 2016-10-05 20:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 09:44 - 2016-10-05 20:21 - 08075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-12 09:44 - 2016-10-05 20:21 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-12 09:44 - 2016-10-05 20:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-12 09:44 - 2016-10-05 20:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-12 09:44 - 2016-10-05 20:20 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-12 09:44 - 2016-10-05 20:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 09:44 - 2016-10-05 20:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-12 09:44 - 2016-10-05 20:19 - 02265088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-12 09:44 - 2016-10-05 20:19 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-12 09:44 - 2016-10-05 20:19 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 09:44 - 2016-10-05 20:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-12 09:44 - 2016-10-05 20:18 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-12 09:44 - 2016-10-05 20:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 09:44 - 2016-10-05 20:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 09:44 - 2016-10-05 20:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-12 09:44 - 2016-10-05 20:17 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 09:44 - 2016-10-05 20:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-12 09:44 - 2016-10-05 20:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 09:44 - 2016-10-05 20:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-12 09:44 - 2016-10-05 20:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-12 09:44 - 2016-10-05 20:15 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-12 09:44 - 2016-10-05 20:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-12 09:44 - 2016-10-05 20:15 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-12 09:44 - 2016-10-05 20:15 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 09:44 - 2016-10-05 20:15 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-12 09:44 - 2016-10-05 20:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 09:44 - 2016-10-05 20:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-12 09:44 - 2016-10-05 20:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 02667520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 01778176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-12 09:44 - 2016-10-05 20:14 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-12 09:44 - 2016-10-05 20:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-12 09:44 - 2016-10-05 20:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-12 09:44 - 2016-10-05 20:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-12 09:44 - 2016-10-05 20:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 09:44 - 2016-10-05 20:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 09:44 - 2016-10-05 11:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 09:44 - 2016-09-07 16:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-10 17:22 - 2016-10-10 17:24 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\Deployment
2016-10-10 17:13 - 2016-10-10 17:36 - 00000185 _____ C:\Users\Andrew Hoyland\Desktop\New Text Document.txt
2016-10-06 12:23 - 2016-10-20 08:14 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-05 19:25 - 2016-10-09 19:49 - 00000136 _____ C:\Users\Andrew Hoyland\Desktop\Music list.txt
2016-10-04 15:35 - 2016-10-04 15:35 - 00001867 _____ C:\Users\Andrew Hoyland\Desktop\SLAM.exe - Shortcut.lnk
2016-10-03 14:40 - 2016-10-03 15:45 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\LocalLow\BitTorrent
2016-09-30 19:12 - 2016-09-30 19:12 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\SLAM
2016-09-30 13:35 - 2016-09-16 05:14 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-30 13:35 - 2016-09-16 04:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-09-30 13:35 - 2016-09-16 04:35 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-09-30 13:35 - 2016-09-16 04:33 - 00083120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-09-30 13:35 - 2016-09-16 04:30 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-30 13:35 - 2016-09-16 04:29 - 01377016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-30 13:35 - 2016-09-16 04:29 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-09-30 13:35 - 2016-09-16 04:29 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-09-30 13:35 - 2016-09-16 04:29 - 00512416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-09-30 13:35 - 2016-09-16 04:27 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-30 13:35 - 2016-09-16 04:27 - 00553312 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-30 13:35 - 2016-09-16 04:27 - 00434528 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-09-30 13:35 - 2016-09-16 04:25 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-30 13:35 - 2016-09-16 04:23 - 00170960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-09-30 13:35 - 2016-09-16 04:22 - 00860512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-30 13:35 - 2016-09-16 04:21 - 01218912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-30 13:35 - 2016-09-16 04:21 - 01000288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-30 13:35 - 2016-09-16 04:20 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-30 13:35 - 2016-09-16 04:20 - 00634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-09-30 13:35 - 2016-09-16 04:18 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-30 13:35 - 2016-09-16 04:16 - 01292640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-30 13:35 - 2016-09-16 04:16 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-09-30 13:35 - 2016-09-16 04:15 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-09-30 13:35 - 2016-09-16 04:14 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-30 13:35 - 2016-09-16 04:14 - 00119648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-09-30 13:35 - 2016-09-16 04:13 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-30 13:35 - 2016-09-16 04:13 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-09-30 13:35 - 2016-09-16 04:12 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-30 13:35 - 2016-09-16 04:11 - 00773168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-09-30 13:35 - 2016-09-16 04:10 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-09-30 13:35 - 2016-09-16 04:10 - 00918848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-09-30 13:35 - 2016-09-16 04:06 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-30 13:35 - 2016-09-16 04:06 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-30 13:35 - 2016-09-16 04:06 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-09-30 13:35 - 2016-09-16 04:06 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-09-30 13:35 - 2016-09-16 04:06 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-30 13:35 - 2016-09-16 04:03 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-30 13:35 - 2016-09-16 04:03 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-09-30 13:35 - 2016-09-16 04:02 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-30 13:35 - 2016-09-16 04:01 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-09-30 13:35 - 2016-09-16 04:00 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-30 13:35 - 2016-09-16 03:59 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-09-30 13:35 - 2016-09-16 03:58 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-30 13:35 - 2016-09-16 03:58 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-09-30 13:35 - 2016-09-16 03:57 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2016-09-30 13:35 - 2016-09-16 03:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-30 13:35 - 2016-09-16 03:56 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-30 13:35 - 2016-09-16 03:56 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-09-30 13:35 - 2016-09-16 03:56 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2016-09-30 13:35 - 2016-09-16 03:56 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-09-30 13:35 - 2016-09-16 03:56 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-09-30 13:35 - 2016-09-16 03:55 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-09-30 13:35 - 2016-09-16 03:55 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-30 13:35 - 2016-09-16 03:55 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-09-30 13:35 - 2016-09-16 03:55 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 13:35 - 2016-09-16 03:55 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-09-30 13:35 - 2016-09-16 03:54 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-09-30 13:35 - 2016-09-16 03:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-09-30 13:35 - 2016-09-16 03:54 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-09-30 13:35 - 2016-09-16 03:53 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-30 13:35 - 2016-09-16 03:53 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-09-30 13:35 - 2016-09-16 03:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-09-30 13:35 - 2016-09-16 03:51 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-09-30 13:35 - 2016-09-16 03:51 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-09-30 13:35 - 2016-09-16 03:50 - 07219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-30 13:35 - 2016-09-16 03:50 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-30 13:35 - 2016-09-16 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-09-30 13:35 - 2016-09-16 03:49 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-30 13:35 - 2016-09-16 03:47 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-09-30 13:35 - 2016-09-16 03:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-30 13:35 - 2016-09-16 03:46 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2016-09-30 13:35 - 2016-09-16 03:46 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-30 13:35 - 2016-09-16 03:43 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2016-09-30 13:35 - 2016-09-16 03:43 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-30 13:35 - 2016-09-16 03:43 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-09-30 13:35 - 2016-09-16 03:43 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-09-30 13:35 - 2016-09-16 03:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-09-30 13:35 - 2016-09-16 03:42 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-30 13:35 - 2016-09-16 03:42 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-09-30 13:35 - 2016-09-16 03:41 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2016-09-30 13:35 - 2016-09-16 03:41 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2016-09-30 13:35 - 2016-09-16 03:40 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-09-30 13:35 - 2016-09-16 03:40 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-30 13:35 - 2016-09-16 03:40 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-09-30 13:35 - 2016-09-16 03:40 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-09-30 13:35 - 2016-09-16 03:40 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-09-30 13:35 - 2016-09-16 03:40 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-09-30 13:35 - 2016-09-16 03:39 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-09-30 13:35 - 2016-09-16 03:39 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-09-30 13:35 - 2016-09-16 03:39 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-09-30 13:35 - 2016-09-16 03:39 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-09-30 13:35 - 2016-09-16 03:39 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-30 13:35 - 2016-09-16 03:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2016-09-30 13:35 - 2016-09-16 03:38 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-09-30 13:35 - 2016-09-16 03:38 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-09-30 13:35 - 2016-09-16 03:38 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-09-30 13:35 - 2016-09-16 03:38 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-09-30 13:35 - 2016-09-16 03:38 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2016-09-30 13:35 - 2016-09-16 03:37 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-30 13:35 - 2016-09-16 03:37 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-09-30 13:35 - 2016-09-16 03:37 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-09-30 13:35 - 2016-09-16 03:37 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-09-30 13:35 - 2016-09-16 03:37 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-30 13:35 - 2016-09-16 03:37 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-09-30 13:35 - 2016-09-16 03:36 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-09-30 13:35 - 2016-09-16 03:36 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-09-30 13:35 - 2016-09-16 03:35 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 13:35 - 2016-09-16 03:34 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-09-30 13:35 - 2016-09-16 03:34 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-09-30 13:35 - 2016-09-16 03:34 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-09-30 13:35 - 2016-09-16 03:33 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-09-30 13:35 - 2016-09-16 03:32 - 01037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-09-30 13:35 - 2016-09-16 03:32 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-09-30 13:35 - 2016-09-16 03:31 - 01912320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-30 13:35 - 2016-09-16 03:31 - 01553408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-30 13:35 - 2016-09-16 03:30 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-09-30 13:35 - 2016-09-16 03:30 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-30 13:35 - 2016-09-16 03:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-09-30 13:35 - 2016-09-16 03:30 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-30 13:35 - 2016-09-16 03:29 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-30 13:35 - 2016-09-16 03:29 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-30 13:35 - 2016-09-16 03:29 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-30 13:35 - 2016-09-16 03:28 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-09-30 13:35 - 2016-09-16 03:27 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-09-30 13:35 - 2016-09-16 03:27 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-09-30 13:35 - 2016-09-16 03:27 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-09-30 13:35 - 2016-09-16 03:26 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-30 13:35 - 2016-09-16 03:26 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-30 13:35 - 2016-09-16 03:26 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-09-30 13:35 - 2016-09-16 03:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-09-30 13:35 - 2016-09-16 03:25 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-09-30 13:35 - 2016-09-16 03:25 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-30 13:35 - 2016-09-16 03:25 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2016-09-30 13:35 - 2016-09-16 03:24 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-09-30 13:35 - 2016-09-16 03:23 - 03405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-09-30 13:35 - 2016-09-16 03:23 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-09-30 13:35 - 2016-09-16 03:23 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-09-30 13:35 - 2016-09-16 03:22 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-09-30 13:35 - 2016-09-16 03:22 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-30 13:35 - 2016-09-16 03:21 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-09-30 13:35 - 2016-09-16 03:21 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-30 13:35 - 2016-09-16 03:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-09-30 13:35 - 2016-09-16 03:20 - 01535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-09-30 13:35 - 2016-09-16 03:20 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-09-30 13:35 - 2016-09-16 03:20 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-09-30 13:35 - 2016-09-16 03:20 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-09-30 13:35 - 2016-09-16 03:20 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-09-30 13:35 - 2016-09-16 03:19 - 01130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-09-30 13:35 - 2016-09-16 03:19 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-09-30 13:35 - 2016-09-16 03:19 - 00788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-09-30 13:35 - 2016-09-16 03:19 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-30 13:35 - 2016-09-16 03:16 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-30 13:35 - 2016-09-16 03:16 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-09-30 13:35 - 2016-08-05 19:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-30 13:34 - 2016-09-16 04:37 - 00402352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-09-30 13:34 - 2016-09-16 04:35 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-30 13:34 - 2016-09-16 04:32 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-30 13:34 - 2016-09-16 04:30 - 00646136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-09-30 13:34 - 2016-09-16 04:29 - 00218008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-09-30 13:34 - 2016-09-16 04:29 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-30 13:34 - 2016-09-16 04:29 - 00023392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-09-30 13:34 - 2016-09-16 04:28 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-09-30 13:34 - 2016-09-16 04:26 - 00090400 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-09-30 13:34 - 2016-09-16 04:25 - 00262960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-09-30 13:34 - 2016-09-16 04:24 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-30 13:34 - 2016-09-16 04:23 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-30 13:34 - 2016-09-16 04:22 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-30 13:34 - 2016-09-16 04:22 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-09-30 13:34 - 2016-09-16 04:19 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-30 13:34 - 2016-09-16 04:18 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-09-30 13:34 - 2016-09-16 04:18 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-30 13:34 - 2016-09-16 04:18 - 00955528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-30 13:34 - 2016-09-16 04:18 - 00856872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-09-30 13:34 - 2016-09-16 04:18 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-09-30 13:34 - 2016-09-16 04:17 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-09-30 13:34 - 2016-09-16 04:16 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-30 13:34 - 2016-09-16 04:16 - 02190176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-30 13:34 - 2016-09-16 04:16 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-30 13:34 - 2016-09-16 04:16 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-30 13:34 - 2016-09-16 04:16 - 00657760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-30 13:34 - 2016-09-16 04:16 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-30 13:34 - 2016-09-16 04:16 - 00206096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-09-30 13:34 - 2016-09-16 04:15 - 00649568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-09-30 13:34 - 2016-09-16 04:15 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-30 13:34 - 2016-09-16 04:15 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-30 13:34 - 2016-09-16 04:15 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-09-30 13:34 - 2016-09-16 04:14 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-30 13:34 - 2016-09-16 04:12 - 08158672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-30 13:34 - 2016-09-16 04:11 - 04673296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-09-30 13:34 - 2016-09-16 04:06 - 01046880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-09-30 13:34 - 2016-09-16 04:03 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-09-30 13:34 - 2016-09-16 04:03 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2016-09-30 13:34 - 2016-09-16 04:00 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-09-30 13:34 - 2016-09-16 04:00 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-09-30 13:34 - 2016-09-16 04:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-09-30 13:34 - 2016-09-16 03:58 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 13:34 - 2016-09-16 03:58 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-09-30 13:34 - 2016-09-16 03:57 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2016-09-30 13:34 - 2016-09-16 03:57 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-30 13:34 - 2016-09-16 03:56 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2016-09-30 13:34 - 2016-09-16 03:56 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DataExchange.dll
2016-09-30 13:34 - 2016-09-16 03:55 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-09-30 13:34 - 2016-09-16 03:55 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2016-09-30 13:34 - 2016-09-16 03:55 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll
2016-09-30 13:34 - 2016-09-16 03:55 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-09-30 13:34 - 2016-09-16 03:55 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-09-30 13:34 - 2016-09-16 03:55 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2016-09-30 13:34 - 2016-09-16 03:54 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2016-09-30 13:34 - 2016-09-16 03:53 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-30 13:34 - 2016-09-16 03:53 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-09-30 13:34 - 2016-09-16 03:52 - 01358336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-09-30 13:34 - 2016-09-16 03:52 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2016-09-30 13:34 - 2016-09-16 03:52 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2016-09-30 13:34 - 2016-09-16 03:52 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-09-30 13:34 - 2016-09-16 03:49 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-09-30 13:34 - 2016-09-16 03:49 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-09-30 13:34 - 2016-09-16 03:48 - 01321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-30 13:34 - 2016-09-16 03:48 - 01112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-30 13:34 - 2016-09-16 03:47 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-30 13:34 - 2016-09-16 03:47 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2016-09-30 13:34 - 2016-09-16 03:46 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-09-30 13:34 - 2016-09-16 03:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ffbroker.dll
2016-09-30 13:34 - 2016-09-16 03:45 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-09-30 13:34 - 2016-09-16 03:45 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-09-30 13:34 - 2016-09-16 03:44 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2016-09-30 13:34 - 2016-09-16 03:44 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2016-09-30 13:34 - 2016-09-16 03:43 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-30 13:34 - 2016-09-16 03:42 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-30 13:34 - 2016-09-16 03:42 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2016-09-30 13:34 - 2016-09-16 03:42 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2016-09-30 13:34 - 2016-09-16 03:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2016-09-30 13:34 - 2016-09-16 03:41 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-09-30 13:34 - 2016-09-16 03:41 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2016-09-30 13:34 - 2016-09-16 03:41 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-09-30 13:34 - 2016-09-16 03:41 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2016-09-30 13:34 - 2016-09-16 03:41 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2016-09-30 13:34 - 2016-09-16 03:40 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-30 13:34 - 2016-09-16 03:40 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-09-30 13:34 - 2016-09-16 03:40 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-09-30 13:34 - 2016-09-16 03:40 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-09-30 13:34 - 2016-09-16 03:40 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2016-09-30 13:34 - 2016-09-16 03:39 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-09-30 13:34 - 2016-09-16 03:39 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-09-30 13:34 - 2016-09-16 03:39 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-09-30 13:34 - 2016-09-16 03:39 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-09-30 13:34 - 2016-09-16 03:39 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkCollectionAgent.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-30 13:34 - 2016-09-16 03:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2016-09-30 13:34 - 2016-09-16 03:38 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-09-30 13:34 - 2016-09-16 03:37 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-09-30 13:34 - 2016-09-16 03:37 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2016-09-30 13:34 - 2016-09-16 03:37 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 13:34 - 2016-09-16 03:36 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-09-30 13:34 - 2016-09-16 03:36 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-09-30 13:34 - 2016-09-16 03:36 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-09-30 13:34 - 2016-09-16 03:36 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-09-30 13:34 - 2016-09-16 03:36 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2016-09-30 13:34 - 2016-09-16 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-30 13:34 - 2016-09-16 03:36 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-09-30 13:34 - 2016-09-16 03:35 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataExchange.dll
2016-09-30 13:34 - 2016-09-16 03:35 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-09-30 13:34 - 2016-09-16 03:34 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-09-30 13:34 - 2016-09-16 03:34 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2016-09-30 13:34 - 2016-09-16 03:34 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-09-30 13:34 - 2016-09-16 03:33 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2016-09-30 13:34 - 2016-09-16 03:33 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-09-30 13:34 - 2016-09-16 03:33 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-09-30 13:34 - 2016-09-16 03:33 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-09-30 13:34 - 2016-09-16 03:32 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-09-30 13:34 - 2016-09-16 03:32 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-09-30 13:34 - 2016-09-16 03:31 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-30 13:34 - 2016-09-16 03:31 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-09-30 13:34 - 2016-09-16 03:30 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-09-30 13:34 - 2016-09-16 03:29 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-09-30 13:34 - 2016-09-16 03:29 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2016-09-30 13:34 - 2016-09-16 03:28 - 03288064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-30 13:34 - 2016-09-16 03:28 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2016-09-30 13:34 - 2016-09-16 03:28 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 13:34 - 2016-09-16 03:27 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-30 13:34 - 2016-09-16 03:27 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-30 13:34 - 2016-09-16 03:27 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 13:34 - 2016-09-16 03:26 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2016-09-30 13:34 - 2016-09-16 03:25 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-30 13:34 - 2016-09-16 03:25 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundMediaPolicy.dll
2016-09-30 13:34 - 2016-09-16 03:23 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-09-30 13:34 - 2016-09-16 03:23 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-09-30 13:34 - 2016-09-16 03:23 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-09-30 13:34 - 2016-09-16 03:23 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-30 13:34 - 2016-09-16 03:23 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-09-30 13:34 - 2016-09-16 03:22 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-09-30 13:34 - 2016-09-16 03:22 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-30 13:34 - 2016-09-16 03:22 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-30 13:34 - 2016-09-16 03:22 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-30 13:34 - 2016-09-16 03:22 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-09-30 13:34 - 2016-09-16 03:21 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-09-30 13:34 - 2016-09-16 03:21 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-09-30 13:34 - 2016-09-16 03:20 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-09-30 13:34 - 2016-09-16 03:20 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-30 13:34 - 2016-09-16 03:20 - 01710080 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-09-30 13:34 - 2016-09-16 03:20 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-09-30 13:34 - 2016-09-16 03:19 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-09-30 13:34 - 2016-09-16 03:19 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-30 13:34 - 2016-09-16 03:18 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2016-09-30 13:34 - 2016-09-16 03:18 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-09-30 13:34 - 2016-09-16 03:17 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-09-30 13:34 - 2016-09-16 03:16 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-30 13:34 - 2016-09-16 03:16 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-09-30 13:34 - 2016-08-06 14:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-30 13:34 - 2016-08-05 19:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-30 13:33 - 2016-09-16 04:37 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-30 13:33 - 2016-09-16 04:37 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-09-30 13:33 - 2016-09-16 04:29 - 00424640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-09-30 13:33 - 2016-09-16 04:29 - 00169056 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-09-30 13:33 - 2016-09-16 04:29 - 00074080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-09-30 13:33 - 2016-09-16 04:27 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-30 13:33 - 2016-09-16 04:27 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-30 13:33 - 2016-09-16 04:25 - 00340320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-30 13:33 - 2016-09-16 04:25 - 00280472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-09-30 13:33 - 2016-09-16 04:22 - 00433832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-09-30 13:33 - 2016-09-16 04:21 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-09-30 13:33 - 2016-09-16 04:18 - 06654616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-30 13:33 - 2016-09-16 04:15 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-09-30 13:33 - 2016-09-16 04:15 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-09-30 13:33 - 2016-09-16 04:14 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-09-30 13:33 - 2016-09-16 04:14 - 00988512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-30 13:33 - 2016-09-16 04:14 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-30 13:33 - 2016-09-16 04:14 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-30 13:33 - 2016-09-16 04:14 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-30 13:33 - 2016-09-16 04:12 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-30 13:33 - 2016-09-16 04:11 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-30 13:33 - 2016-09-16 04:11 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-30 13:33 - 2016-09-16 04:11 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-30 13:33 - 2016-09-16 04:11 - 00862064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-09-30 13:33 - 2016-09-16 04:11 - 00725664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-30 13:33 - 2016-09-16 04:11 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-30 13:33 - 2016-09-16 04:08 - 05683712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-30 13:33 - 2016-09-16 04:07 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-09-30 13:33 - 2016-09-16 04:07 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-30 13:33 - 2016-09-16 04:07 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-30 13:33 - 2016-09-16 04:06 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-09-30 13:33 - 2016-09-16 04:01 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-09-30 13:33 - 2016-09-16 03:59 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-09-30 13:33 - 2016-09-16 03:59 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-09-30 13:33 - 2016-09-16 03:58 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-09-30 13:33 - 2016-09-16 03:58 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-09-30 13:33 - 2016-09-16 03:58 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-09-30 13:33 - 2016-09-16 03:58 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-09-30 13:33 - 2016-09-16 03:57 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2016-09-30 13:33 - 2016-09-16 03:57 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 13:33 - 2016-09-16 03:57 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-30 13:33 - 2016-09-16 03:56 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2016-09-30 13:33 - 2016-09-16 03:56 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2016-09-30 13:33 - 2016-09-16 03:56 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-09-30 13:33 - 2016-09-16 03:56 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2016-09-30 13:33 - 2016-09-16 03:55 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-09-30 13:33 - 2016-09-16 03:55 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-09-30 13:33 - 2016-09-16 03:55 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2016-09-30 13:33 - 2016-09-16 03:55 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 13:33 - 2016-09-16 03:55 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-09-30 13:33 - 2016-09-16 03:54 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-30 13:33 - 2016-09-16 03:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-09-30 13:33 - 2016-09-16 03:53 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-09-30 13:33 - 2016-09-16 03:52 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-09-30 13:33 - 2016-09-16 03:52 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2016-09-30 13:33 - 2016-09-16 03:52 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-09-30 13:33 - 2016-09-16 03:51 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2016-09-30 13:33 - 2016-09-16 03:50 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pwrshplugin.dll
2016-09-30 13:33 - 2016-09-16 03:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-30 13:33 - 2016-09-16 03:48 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-09-30 13:33 - 2016-09-16 03:46 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-09-30 13:33 - 2016-09-16 03:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-09-30 13:33 - 2016-09-16 03:46 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-30 13:33 - 2016-09-16 03:45 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-30 13:33 - 2016-09-16 03:45 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 13:33 - 2016-09-16 03:44 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-30 13:33 - 2016-09-16 03:44 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 13:33 - 2016-09-16 03:44 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-30 13:33 - 2016-09-16 03:43 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2016-09-30 13:33 - 2016-09-16 03:43 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-09-30 13:33 - 2016-09-16 03:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-09-30 13:33 - 2016-09-16 03:43 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-09-30 13:33 - 2016-09-16 03:43 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-09-30 13:33 - 2016-09-16 03:42 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll
2016-09-30 13:33 - 2016-09-16 03:41 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-09-30 13:33 - 2016-09-16 03:41 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-09-30 13:33 - 2016-09-16 03:41 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2016-09-30 13:33 - 2016-09-16 03:40 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-09-30 13:33 - 2016-09-16 03:40 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-09-30 13:33 - 2016-09-16 03:40 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-09-30 13:33 - 2016-09-16 03:40 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 13:33 - 2016-09-16 03:40 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-09-30 13:33 - 2016-09-16 03:40 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 13:33 - 2016-09-16 03:40 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-09-30 13:33 - 2016-09-16 03:39 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2016-09-30 13:33 - 2016-09-16 03:39 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-09-30 13:33 - 2016-09-16 03:39 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-09-30 13:33 - 2016-09-16 03:38 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-09-30 13:33 - 2016-09-16 03:38 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-09-30 13:33 - 2016-09-16 03:38 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-09-30 13:33 - 2016-09-16 03:38 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2016-09-30 13:33 - 2016-09-16 03:38 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-09-30 13:33 - 2016-09-16 03:37 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2016-09-30 13:33 - 2016-09-16 03:37 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-09-30 13:33 - 2016-09-16 03:37 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2016-09-30 13:33 - 2016-09-16 03:37 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2016-09-30 13:33 - 2016-09-16 03:37 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-09-30 13:33 - 2016-09-16 03:36 - 00719360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-09-30 13:33 - 2016-09-16 03:36 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2016-09-30 13:33 - 2016-09-16 03:36 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-30 13:33 - 2016-09-16 03:36 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-30 13:33 - 2016-09-16 03:36 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-30 13:33 - 2016-09-16 03:36 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2016-09-30 13:33 - 2016-09-16 03:35 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-09-30 13:33 - 2016-09-16 03:35 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-09-30 13:33 - 2016-09-16 03:35 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-09-30 13:33 - 2016-09-16 03:35 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-09-30 13:33 - 2016-09-16 03:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2016-09-30 13:33 - 2016-09-16 03:34 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-30 13:33 - 2016-09-16 03:33 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2016-09-30 13:33 - 2016-09-16 03:33 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-09-30 13:33 - 2016-09-16 03:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwrshplugin.dll
2016-09-30 13:33 - 2016-09-16 03:30 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-30 13:33 - 2016-09-16 03:30 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-30 13:33 - 2016-09-16 03:30 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-30 13:33 - 2016-09-16 03:30 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2016-09-30 13:33 - 2016-09-16 03:29 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-09-30 13:33 - 2016-09-16 03:28 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-30 13:33 - 2016-09-16 03:27 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-09-30 13:33 - 2016-09-16 03:27 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAC3ENC.DLL
2016-09-30 13:33 - 2016-09-16 03:25 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-30 13:33 - 2016-09-16 03:25 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-09-30 13:33 - 2016-09-16 03:24 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-09-30 13:33 - 2016-09-16 03:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-09-30 13:33 - 2016-09-16 03:24 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-09-30 13:33 - 2016-09-16 03:24 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-09-30 13:33 - 2016-09-16 03:24 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-09-30 13:33 - 2016-09-16 03:23 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-09-30 13:33 - 2016-09-16 03:23 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2016-09-30 13:33 - 2016-09-16 03:22 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-09-30 13:33 - 2016-09-16 03:20 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-09-30 13:33 - 2016-09-16 03:19 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2016-09-30 13:33 - 2016-09-16 03:17 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-09-30 13:33 - 2016-09-16 03:16 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-09-30 13:33 - 2016-09-16 03:16 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2016-09-30 13:33 - 2016-08-06 14:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-28 14:23 - 2016-10-11 11:32 - 00003766 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-28 13:58 - 2016-10-04 09:05 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-28 13:56 - 2016-09-29 12:16 - 00000944 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-28 13:56 - 2016-09-29 12:16 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-28 13:56 - 2016-09-28 13:56 - 00004002 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-28 13:56 - 2016-09-28 13:56 - 00003770 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-22 20:46 - 2016-09-17 09:36 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-09-22 20:46 - 2016-09-10 05:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-09-22 20:46 - 2016-09-10 05:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-09-22 20:46 - 2016-09-10 05:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-09-22 20:46 - 2016-09-10 05:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-09-22 20:41 - 2016-09-17 11:45 - 40068544 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 34849336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 10868288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 10753576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 10294720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 09098352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 08877480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 08691848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 02912192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 02551352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437290.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437290.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 01019328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00956864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00943672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00895032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00578240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00439352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00394704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-09-22 20:41 - 2016-09-17 11:45 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-09-22 19:34 - 2016-10-11 11:33 - 00001495 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-09-22 19:33 - 2016-10-11 11:33 - 00003954 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-22 19:33 - 2016-10-11 11:32 - 00004018 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-22 19:33 - 2016-10-11 11:32 - 00003990 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-22 19:33 - 2016-10-11 11:32 - 00003928 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-22 19:33 - 2016-10-11 11:32 - 00003724 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-22 19:33 - 2016-09-30 15:24 - 01842624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-09-22 19:33 - 2016-09-30 15:24 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-09-22 19:33 - 2016-09-30 15:24 - 01444288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-09-22 19:33 - 2016-09-30 15:24 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-09-22 19:33 - 2016-09-30 15:24 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-09-22 19:33 - 2016-09-30 06:27 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-09-22 19:33 - 2016-09-22 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-20 12:32 - 2016-09-20 12:32 - 00221043 _____ C:\Users\Andrew Hoyland\Desktop\Andrew Hoyland Resume.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 14:13 - 2014-11-17 21:33 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\CrashDumps
2016-10-20 14:11 - 2016-08-20 14:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-20 14:10 - 2016-08-20 14:31 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-10-20 14:10 - 2016-08-20 14:31 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-10-20 14:10 - 2013-05-17 23:45 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2016-10-20 14:09 - 2016-08-20 14:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-20 14:09 - 2016-07-16 17:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-10-20 14:09 - 2015-08-15 16:07 - 00153072 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2016-10-20 14:08 - 2016-06-27 14:52 - 00000000 ____D C:\AdwCleaner
2016-10-20 14:07 - 2016-06-27 14:52 - 00000000 ____D C:\ProgramData\Lavasoft
2016-10-20 11:31 - 2014-04-23 15:02 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-20 11:23 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-20 11:23 - 2015-09-05 13:56 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\ElevatedDiagnostics
2016-10-20 08:06 - 2014-07-18 22:37 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\Adobe
2016-10-19 23:11 - 2016-08-20 14:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-19 22:29 - 2016-06-28 10:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-19 21:36 - 2016-06-27 15:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-19 21:32 - 2016-06-27 15:16 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-19 21:10 - 2014-12-11 19:32 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-10-19 20:56 - 2016-06-27 15:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-10-19 20:27 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-19 20:04 - 2015-08-15 16:21 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\Packages
2016-10-19 19:59 - 2016-08-20 14:22 - 01608804 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-19 19:52 - 2016-08-20 14:11 - 05033392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-19 19:51 - 2016-08-20 14:22 - 00000000 ____D C:\Users\Andrew Hoyland
2016-10-19 15:59 - 2016-07-16 22:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-19 07:50 - 2016-07-16 22:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-19 07:46 - 2016-07-16 22:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-10-18 20:17 - 2016-01-29 12:44 - 00000000 ____D C:\ProgramData\BSD
2016-10-18 19:15 - 2015-09-05 22:32 - 00000000 ___RD C:\Users\Andrew Hoyland\Creative Cloud Files
2016-10-18 19:15 - 2014-04-24 16:05 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-10-18 19:15 - 2014-04-21 15:36 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Roaming\Adobe
2016-10-18 19:15 - 2014-04-21 13:19 - 00000000 ____D C:\Users\Andrew Hoyland\Documents\Andrew
2016-10-18 18:54 - 2014-04-23 19:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-10-18 18:35 - 2015-06-02 20:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-10-18 18:31 - 2014-04-21 14:52 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-18 18:30 - 2014-04-21 14:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-18 12:25 - 2016-07-16 22:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-17 22:29 - 2016-06-05 22:35 - 00000000 ____D C:\Users\Andrew Hoyland\Desktop\Piano
2016-10-15 00:15 - 2014-04-21 17:24 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Roaming\Skype
2016-10-13 18:40 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-13 13:00 - 2015-08-15 16:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-13 12:52 - 2015-08-03 12:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-13 12:51 - 2014-05-03 23:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-13 12:51 - 2014-05-03 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-13 01:23 - 2016-07-16 22:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-12 22:49 - 2016-08-20 14:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-12 22:49 - 2015-11-02 22:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-12 12:56 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-12 12:56 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-12 10:17 - 2014-04-21 13:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-12 10:08 - 2014-04-21 13:39 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 10:07 - 2014-05-03 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 08:47 - 2016-07-16 22:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-10-12 08:47 - 2016-07-16 22:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2016-10-11 14:01 - 2014-05-11 10:09 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\Ubisoft Game Launcher
2016-10-11 11:33 - 2016-08-20 14:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-11 11:32 - 2016-08-20 14:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-11 11:32 - 2013-05-18 01:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-10 17:24 - 2014-04-21 12:58 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-10-04 07:09 - 2016-07-16 22:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-04 07:09 - 2016-07-16 22:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-03 15:45 - 2014-07-27 21:47 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Roaming\BitTorrent
2016-10-01 00:09 - 2016-07-16 22:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-10-01 00:09 - 2016-07-16 22:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-10-01 00:09 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-10-01 00:09 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-10-01 00:09 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-01 00:09 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-01 00:09 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-10-01 00:09 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-01 00:09 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-10-01 00:08 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-10-01 00:08 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-09-30 12:42 - 2016-08-22 14:30 - 00000366 _____ C:\Users\Andrew Hoyland\Desktop\Internet.txt
2016-09-29 15:21 - 2014-04-21 12:33 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\NVIDIA Corporation
2016-09-28 13:58 - 2014-04-21 12:10 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\Google
2016-09-28 13:58 - 2014-04-21 12:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-22 20:47 - 2013-05-17 23:46 - 00000000 ____D C:\Temp
2016-09-22 20:46 - 2016-03-08 12:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-22 19:33 - 2014-04-21 12:33 - 00000000 ____D C:\Users\Andrew Hoyland\AppData\Local\NVIDIA

==================== Files in the root of some directories =======

2014-05-10 14:44 - 2014-05-10 14:44 - 0000132 _____ () C:\Users\Andrew Hoyland\AppData\Roaming\Adobe PNG Format CC Prefs
2014-10-10 16:46 - 2014-10-10 16:46 - 0001181 _____ () C:\Users\Andrew Hoyland\AppData\Roaming\trace_FilterInstaller.1.txt
2014-10-10 16:46 - 2014-11-23 17:40 - 0000919 _____ () C:\Users\Andrew Hoyland\AppData\Roaming\trace_FilterInstaller.txt
2014-10-10 16:46 - 2014-11-23 17:40 - 0000000 _____ () C:\Users\Andrew Hoyland\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-08-15 12:59 - 2016-03-26 21:27 - 0007602 _____ () C:\Users\Andrew Hoyland\AppData\Local\Resmon.ResmonCfg
2014-04-21 13:54 - 2014-04-21 13:54 - 1223188 _____ () C:\ProgramData\1398046620.bdinstall.bin
2014-04-21 14:15 - 2014-04-21 14:15 - 0040805 _____ () C:\ProgramData\1398050113.bdinstall.bin
2014-07-10 19:32 - 2014-07-10 19:32 - 0258214 _____ () C:\ProgramData\1404981083.bdinstall.bin
2016-06-28 12:29 - 2016-06-28 12:29 - 0226068 _____ () C:\ProgramData\1467077169.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Andrew Hoyland\AppData\Local\Temp\libeay32.dll
C:\Users\Andrew Hoyland\AppData\Local\Temp\msvcr120.dll
C:\Users\Andrew Hoyland\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Andrew Hoyland\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Andrew Hoyland\AppData\Local\Temp\nvStInst.exe
C:\Users\Andrew Hoyland\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andrew Hoyland\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-14 15:50

==================== End of FRST.txt ============================

Thank you so much for your time!
Apologies again for the broken-up replies.
almond_stash is offline  
Old 10-20-2016, 03:28 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello almond_stash. You're welcome.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

------------------------------------------------------

I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-71FB846151F4}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    Task: {024C8018-75E8-4795-ABA3-AF87BF0E22F9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1F11B4F0-8FDE-4832-B8A8-0067CB4514F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {282B8883-84C7-4737-B672-EC2227666ECA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {47066EE0-EFE7-4368-8FD4-A7F40392B1BA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4A1163C4-4099-4BF9-BFB8-39B3C7E8FD28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {4FF806D8-9B57-4245-8D59-3F77E313DCB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {553F9F92-E60E-47EB-8337-3468CACC2348} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {8776EB75-E8CA-422B-B65C-FD6792221E53} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {8B56760D-2764-4D7F-B272-BE1D5545D1D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {8D6042BE-05D0-40F9-8AED-AA460359E444} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {A3EEED6D-28DA-4B1D-AFB3-95DDA3A11A62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E5D80AFC-7F80-4D35-9281-8FEDA9A5DAD1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Andrew Hoyland\Desktop\rkill.exe:BDU [0]
    AlternateDataStreams: C:\Users\Andrew Hoyland\Documents\rkill.exe:BDU [0]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={D469A95B-849E-46DC-8F12-C12F0F4E2CC3}&mid=8d5169c3f7d347d2b2a0b17f9b57aec2-7ac0edc46c9c23446e8bbd472873265d52d5bd07&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-13 21:46:49&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
    CHR HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
    U3 idsvc; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-20-2016, 06:16 PM   #7
Registered Member
 
Join Date: Oct 2016
Posts: 12
OS: Windows 10



I understand that this might be a lengthy process, and haven't taken any further steps to fix the issue.

Thank you for the advice on CCleaner and BitTorrent; I have uninstalled both.

Here is my fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Andrew Hoyland (21-10-2016 11:57:52) Run:1
Running from C:\Users\Andrew Hoyland\Downloads
Loaded Profiles: Andrew Hoyland (Available Profiles: Andrew Hoyland)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-71FB846151F4}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {024C8018-75E8-4795-ABA3-AF87BF0E22F9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1F11B4F0-8FDE-4832-B8A8-0067CB4514F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {282B8883-84C7-4737-B672-EC2227666ECA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {47066EE0-EFE7-4368-8FD4-A7F40392B1BA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4A1163C4-4099-4BF9-BFB8-39B3C7E8FD28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4FF806D8-9B57-4245-8D59-3F77E313DCB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {553F9F92-E60E-47EB-8337-3468CACC2348} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8776EB75-E8CA-422B-B65C-FD6792221E53} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B56760D-2764-4D7F-B272-BE1D5545D1D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D6042BE-05D0-40F9-8AED-AA460359E444} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A3EEED6D-28DA-4B1D-AFB3-95DDA3A11A62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E5D80AFC-7F80-4D35-9281-8FEDA9A5DAD1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Andrew Hoyland\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Andrew Hoyland\Documents\rkill.exe:BDU [0]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3497426211-1140279176-3504571802-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={D469A95B-849E-46DC-8F12-C12F0F4E2CC3}&mid=8d5169c3f7d347d2b2a0b17f9b57aec2-7ac0edc46c9c23446e8bbd472873265d52d5bd07&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-13 21:46:49&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
CHR HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3497426211-1140279176-3504571802-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-71FB846151F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{024C8018-75E8-4795-ABA3-AF87BF0E22F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{024C8018-75E8-4795-ABA3-AF87BF0E22F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F11B4F0-8FDE-4832-B8A8-0067CB4514F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F11B4F0-8FDE-4832-B8A8-0067CB4514F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{282B8883-84C7-4737-B672-EC2227666ECA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{282B8883-84C7-4737-B672-EC2227666ECA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47066EE0-EFE7-4368-8FD4-A7F40392B1BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47066EE0-EFE7-4368-8FD4-A7F40392B1BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A1163C4-4099-4BF9-BFB8-39B3C7E8FD28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1163C4-4099-4BF9-BFB8-39B3C7E8FD28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FF806D8-9B57-4245-8D59-3F77E313DCB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FF806D8-9B57-4245-8D59-3F77E313DCB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{553F9F92-E60E-47EB-8337-3468CACC2348}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{553F9F92-E60E-47EB-8337-3468CACC2348}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8776EB75-E8CA-422B-B65C-FD6792221E53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8776EB75-E8CA-422B-B65C-FD6792221E53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B56760D-2764-4D7F-B272-BE1D5545D1D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B56760D-2764-4D7F-B272-BE1D5545D1D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6042BE-05D0-40F9-8AED-AA460359E444}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6042BE-05D0-40F9-8AED-AA460359E444}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3EEED6D-28DA-4B1D-AFB3-95DDA3A11A62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3EEED6D-28DA-4B1D-AFB3-95DDA3A11A62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5D80AFC-7F80-4D35-9281-8FEDA9A5DAD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5D80AFC-7F80-4D35-9281-8FEDA9A5DAD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\Users\Andrew Hoyland\Desktop\rkill.exe => ":BDU" ADS removed successfully.
C:\Users\Andrew Hoyland\Documents\rkill.exe => ":BDU" ADS removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
Chrome StartupUrls => removed successfully
"HKU\S-1-5-21-3497426211-1140279176-3504571802-1003\SOFTWARE\Google\Chrome\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim" => key removed successfully
idsvc => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37794000 B
Java, Flash, Steam htmlcache => 411097236 B
Windows/system/drivers => 29976278 B
Edge => 8094875 B
Chrome => 842587204 B
Firefox => 367969472 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6156 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 150772 B
NetworkService => 160582 B
Andrew Hoyland => 528867465 B

RecycleBin => 843096059 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:09:16 ====
almond_stash is offline  
Old 10-21-2016, 12:13 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, almond_stash. Are you still experiencing the same issues you first reported?

I'm not seeing anything else in the logs.

------------------------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-21-2016, 04:09 PM   #9



Yes, I'm still experiencing the issue. My taskbar is inaccessible and I do not have permission to view image and video files.

Here are the logs:

Farbar Service Scanner Version: 27-01-2016
Ran by Andrew Hoyland (administrator) on 22-10-2016 at 1000
Running from "C:\Users\Andrew Hoyland\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
almond_stash is offline  
Old 10-21-2016, 08:48 PM   #10



Did this happen all of a sudden with no reason, or did you do something just before this started?
chemist is offline  
Old 10-22-2016, 12:15 AM   #11



I was trying out an Adobe crack for a friend because I'd done it before. Silly, I know, but that's why I suspected a rootkit/trojan.
almond_stash is offline  
Old 10-22-2016, 05:55 PM   #12



Hello again, almond_stash.
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
chemist is offline  
Old 10-24-2016, 05:43 AM   #13



Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 10/23/2016 6:37 PM, SYSTEM, MININT-S3JC059, Manual, IP Database, 2016.10.18.1, 2016.10.21.1,
Update, 10/23/2016 6:37 PM, SYSTEM, MININT-S3JC059, Manual, Domain Database, 2016.10.18.5, 2016.10.21.7,
Update, 10/23/2016 6:38 PM, SYSTEM, MININT-S3JC059, Manual, Malware Database, 2016.10.19.4, 2016.10.23.1,
Scan, 10/23/2016 7:17 PM, SYSTEM, MININT-S3JC059, Manual, Start:10/23/2016 6:38 PM, Duration:39 min 18 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)



ESET LOG: (Note: The "Download latest version of ESET Online Scanner" option was not at the bottom of "Terms of use"; however, the virus signature databases were updated.)

The ESET Cleaner did not complete scans, despite many attempts and upgrading to a newer version. This seems to be a common issue that has not been resolved by the developers yet. Pictures included.
almond_stash is offline  
Old 10-24-2016, 08:48 PM   #14



Hello again, almond_stash. Yes, we've been having problems with ESET completing on Win10 systems.

Can you stop ESET and save a log before it stalls and see what 3 files it detects?

------------------------------------------------------
chemist is offline  
Old 10-24-2016, 09:23 PM   #15



These are the 3 files detected:

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
almond_stash is offline  
Old 10-25-2016, 07:14 PM   #16



Hello again, almond_stash. Those 3 ESET finds are just PUAs (potentially unsafe applications). They wouldn't cause the problems you are experiencing.

If MBAM isn't detecting anything either, it doesn't appear that your problems are due to malware.

Have you considered restoring to an earlier system restore point? You have a restore point back to 10/10/16. Did your problem start after that?

Have you considered resetting your PC? You can keep your files and just reinstall Windows 10.

------------------------------------------------------
chemist is offline  
Old 10-26-2016, 02:02 AM   #17



Would you know where I can locate that backup? Windows says I have no restore points or recovery media available.

I upgraded to Windows 10 as a free upgrade from Windows 7. Would this mean that if I were to reset my PC that I would go back to Windows 7?
almond_stash is offline  
Old 10-26-2016, 06:29 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, almond_stash.

No, once you upgrade to Win10 you can't go back to Win7 after I think 30 days. So it would just reinstall Win10.

Your last Addition.txt listed these restore points:

Quote:
10-10-2016 16:11:28 Scheduled Checkpoint
17-10-2016 19:30:50 Scheduled Checkpoint

Right-click the Start button > System > System Protection > System Restore... > Next

It doesn't list any restore points?

------------------------------------------------------
chemist is offline  
Old 10-29-2016, 09:08 PM   #19



Unfortunately it doesn't list that as an available backup, so I'm going to restore my system. I will report back here after the process is complete.
almond_stash is offline  
Old 10-30-2016, 01:09 AM   #20



The system reset has fixed the issue. Thank you so much for your time and patience :)
almond_stash is offline  
 


All times are GMT -7. The time now is 08:04 PM.

