Help with slow xomputer

sandra · November 6, 2016

Help to make this computer run faster !!

sandra · November 6, 2016

Howdy Sandra and welcome to BestTechie !!!

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Do Not Remove anything or run any tools/programs until advised to do so !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download https://toolslib.net/downloads/viewdownload/1-adwcleaner/ by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.

Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......

    This time, click on the "Clean" button.

    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

    Download the free version Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/

      * Windows XP : Double click on the icon to run it.
      * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

* On the Dashboard click on Update Now
* Go to the Setting Tab
* Under Setting go to Detection and Protection
* Under PUP and PUM make sure both are set to show Treat Detections as Malware
* Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
* Then on the Dashboard click on Scan
* Make sure to select THREAT SCAN
* Then click on Scan

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

sandra · November 6, 2016

Chuck here is the Adwcleaner log !!

# AdwCleaner v6.030 - Logfile created 06/11/2016 at 10:30:03
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-05.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Sandra - SANDRA-PC
# Running from : C:\Users\Sandra\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: CouponPrinterService
[-] Service deleted: BeFrugal.com Service

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Sandra\AppData\Local\Programs\BeFrugal.com
[-] Folder deleted: C:\Users\Sandra\AppData\LocalLow\iac
[#] Folder deleted on reboot: C:\Users\Sandra\AppData\LocalLow\IAC
[-] Folder deleted: C:\Users\Sandra\AppData\Roaming\ShopAtHome
[-] Folder deleted: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[-] Folder deleted: C:\Users\Sandra\AppData\Local\VirtualStore\Program Files (x86)\iWin.com Games
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[-] Folder deleted: C:\Program Files (x86)\Coupons
[-] Folder deleted: C:\Program Files (x86)\iWin.com Games
[-] Folder deleted: C:\Program Files (x86)\Common Files\BeFrugal.com
[-] Folder deleted: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk

***** [ Files ] *****

[-] File deleted: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
[-] File deleted: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: BeFrugal.com Toolbar

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1be14fe1-3175-4324-a77b-33fe5cb7a6ed}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6818868a-1b3d-4e35-a561-fa964a96cd3b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79e57afa-bc05-4636-9457-fbc0abb3576b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9193e23b-4182-493f-a38e-682307a7c463}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b5ccb33f-6c0a-418a-8af1-10c35bbd579a}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e1f80eb5-8af4-410d-87c1-4f3e2776822a}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e2784e68-21fd-4e31-a59a-9189676cfe64}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5bfad3a-d783-4ad7-98aa-d8f082626f8d}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fc65300a-dc43-4d86-b153-e59cf6e74216}
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\ShopAtHomeHelper.CookiesManager
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key deleted: HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
[-] Key deleted: HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
[-] Key deleted: HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
[-] Key deleted: HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
[-] Key deleted: HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
[-] Key deleted: HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
[-] Key deleted: HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
[-] Key deleted: HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
[-] Key deleted: HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
[-] Key deleted: HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
[-] Key deleted: HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
[-] Key deleted: HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2335A057-CBA6-40F6-A712-C6A7C98F7813}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{81DBD99D-8D37-439A-A705-6A6504261E26}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{83571411-ED91-467A-A172-CEC63A645ED4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F8534A9F-4F29-4FDC-9CD9-023ACF0EF9B9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6E673599-659A-439E-837D-A0931AFA3A7F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{84654D5D-611C-41C9-BBA1-BEB77502F633}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{AB50591C-2474-4890-9D06-518D415ADA7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B2793774-A9B9-43FB-94F8-EC94BF3E6BC2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EF6A3723-635E-4905-A0F8-5FAC26932330}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B04A9E6A-C9C5-4A2F-ADF9-B69BAC127A14}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{2A05A54D-0614-4EA3-B955-8814E45DCD83}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9250F6C1-0B7F-4D0A-A55A-44876D353DCF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{93AB986F-51E4-4188-8CE2-B6E03E004943}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2335A057-CBA6-40F6-A712-C6A7C98F7813}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2335A057-CBA6-40F6-A712-C6A7C98F7813}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2335A057-CBA6-40F6-A712-C6A7C98F7813}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7}]
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\BEFRUGAL
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\ShopAtHome.com
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\BEFRUGAL
[#] Key deleted on reboot: HKCU\Software\BEFRUGAL
[#] Key deleted on reboot: HKCU\Software\ShopAtHome.com
[-] Key deleted: HKLM\SOFTWARE\BEFRUGAL
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6ADB86DC-7727-492F-865E-A7CAFFABAC72}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CC676BB-4D00-4E54-9C8E-DE54A1710A80}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\BEFRUGAL
[#] Key deleted on reboot: [x64] HKCU\Software\BEFRUGAL
[#] Key deleted on reboot: [x64] HKCU\Software\ShopAtHome.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper
[-] Key deleted: HKU\S-1-5-21-2577339454-2355841015-3053957489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iad-usadmm.dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myimageconverter.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mywebface.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iad-usadmm.dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myimageconverter.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mywebface.dl.myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BFHP]
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ShopAtHomeUpdater
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ShopAtHomeWatcher
[-] Key deleted: HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\befrgl.EXE

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._ceMembers_.lastActivePing" - "1478019197901"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" - false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" - "[email protected]"
[-] [C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15218 Bytes] - [06/11/2016 10:30:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [14588 Bytes] - [06/11/2016 10:28:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [15366 Bytes] ##########

sandra · November 6, 2016

Here is the JTL log !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by Sandra (Administrator) on Sun 11/06/2016 at 10:42:04.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\ProgramData\befrugal (Folder)
Successfully deleted: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\components\yahoo-search.xml (File)
Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/06/2016 at 10:44:25.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sandra · November 6, 2016

Malwarebytes cleaned & removed everything found !

flashh4 · November 6, 2016

Thanks Sandy, not much more then we will be finished !

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

Post that log next !

Thanks

Chuck

sandra · November 6, 2016

Here is one of the logs !

OTL logfile created on: 11/6/2016 11:26:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandra\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.94% Memory free
15.89 Gb Paging File | 12.94 Gb Available in Paging File | 81.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.10 Gb Total Space | 383.63 Gb Free Space | 82.48% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2016/11/06 11:26:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Downloads\OTL.scr
PRC - [2016/10/29 08:46:51 | 000,509,384 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/10/03 08:12:13 | 000,633,024 | ---- | M] (Microsoft Corporation) -- C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/09/20 08:21:29 | 007,500,048 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2016/09/20 08:21:29 | 007,277,840 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
PRC - [2016/09/20 08:21:24 | 026,907,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe
PRC - [2016/09/20 07:10:09 | 000,240,912 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe
PRC - [2016/09/16 10:24:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/07/11 15:14:20 | 000,118,272 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2014/07/11 14:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/01/30 14:32:10 | 000,505,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2013/01/30 14:29:54 | 001,448,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/12/27 13:26:20 | 004,522,496 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/10/26 09:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/09/11 12:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/09/11 12:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/09/01 17:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/21 05:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/05 07:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/19 18:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
PRC - [2011/02/23 16:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [1998/07/07 14:18:42 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2\CalCheck.exe

========== Modules (No Company Name) ==========

MOD - [2016/10/03 08:13:13 | 000,118,976 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
MOD - [2016/10/03 08:12:13 | 001,383,616 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
MOD - [2014/06/22 12:54:30 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2014/06/22 12:54:30 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2014/06/22 12:54:30 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2014/06/22 12:54:30 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2014/06/22 12:54:30 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2014/06/22 12:54:30 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2014/06/22 12:54:30 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2014/06/22 12:54:30 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2014/06/22 12:54:30 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2014/06/22 12:54:30 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2014/06/22 12:54:30 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2014/06/22 12:54:30 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2014/06/22 12:54:30 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2014/06/22 12:54:30 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2014/06/22 12:54:30 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2014/06/22 12:54:30 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2014/06/22 12:54:30 | 000,234,496 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2014/06/22 12:54:30 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2014/06/22 12:54:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2014/06/22 12:54:30 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2014/06/22 12:54:30 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2014/06/22 12:54:30 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2014/06/22 12:54:30 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2014/06/22 12:54:30 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2014/06/22 12:54:30 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2014/06/22 12:54:30 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2014/06/22 12:54:30 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2014/06/22 12:54:30 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2014/06/22 12:54:29 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2014/06/22 12:54:29 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2014/06/22 12:54:29 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2014/06/22 12:54:29 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2014/06/22 12:54:29 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2014/06/22 12:54:29 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2014/02/01 12:30:46 | 000,861,184 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [1998/07/07 14:18:42 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2\CalCheck.exe

========== Services (SafeList) ==========

SRV:64bit: - [2016/10/14 21:55:15 | 000,635,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2016/10/14 21:52:40 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2016/10/14 21:52:08 | 000,410,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2016/10/14 21:45:57 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016/10/14 21:42:58 | 000,805,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2016/10/14 21:42:44 | 000,539,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2016/10/14 21:39:00 | 002,266,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2016/10/14 21:37:03 | 001,980,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/10/13 06:38:36 | 000,329,480 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2016/10/05 03:18:56 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2016/10/05 03:17:34 | 004,136,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2016/10/03 10:26:54 | 000,447,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2016/10/03 10:26:46 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2016/10/03 10:26:46 | 001,232,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2016/10/03 10:26:46 | 000,781,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/10/03 10:26:41 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2016/10/03 10:26:35 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2016/10/03 10:26:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2016/10/03 10:19:40 | 000,083,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2016/10/03 10:19:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2016/09/15 11:24:30 | 000,764,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2016/09/15 10:40:41 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2016/09/15 10:38:15 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2016/09/15 10:38:00 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2016/09/15 10:38:00 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2016/09/15 10:36:05 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2016/09/15 10:35:45 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016/09/15 10:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2016/09/15 10:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2016/09/15 10:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2016/09/15 10:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2016/09/15 10:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2016/09/15 10:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2016/09/15 10:35:03 | 001,013,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2016/09/15 10:33:01 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2016/09/15 10:23:51 | 001,020,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2016/09/15 10:23:06 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2016/09/15 10:22:05 | 000,770,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2016/09/15 10:20:07 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2016/08/05 21:34:01 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2016/07/16 05:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2016/07/16 05:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2016/07/16 05:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2016/07/16 05:43:10 | 001,836,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2016/07/16 05:43:06 | 000,347,328 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2016/07/16 05:43:04 | 000,103,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2016/07/16 05:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2016/07/16 05:42:39 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2016/07/16 05:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2016/07/16 05:42:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2016/07/16 05:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2016/07/16 05:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2016/07/16 05:42:37 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2016/07/16 05:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2016/07/16 05:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/07/16 05:42:27 | 000,265,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016/07/16 05:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2016/07/16 05:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_3e8a1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_3e8a1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_3e8a1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_3e8a1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_3e8a1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_3e8a1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_3e8a1)
SRV:64bit: - [2016/07/16 05:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2016/07/16 05:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2016/07/16 05:42:19 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2016/07/16 05:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2016/07/16 05:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2016/07/16 05:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2016/07/16 05:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016/07/16 05:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2016/07/16 05:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2016/07/16 05:42:09 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2016/07/16 05:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,326,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2016/07/16 05:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2016/07/16 05:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2016/07/16 05:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2016/07/16 05:42:05 | 002,104,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2016/07/16 05:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2016/07/16 05:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2016/07/16 05:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2016/07/16 05:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2016/07/16 05:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2016/07/16 05:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2016/05/03 22:30:46 | 000,337,888 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2015/12/16 19:07:40 | 000,255,472 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/06/19 18:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/10/19 15:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2016/10/29 08:46:50 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/10/26 11:28:16 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/10/05 03:09:49 | 003,369,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/10/03 10:19:44 | 000,507,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2016/10/03 10:19:44 | 000,507,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2016/10/03 10:19:39 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2016/10/03 10:19:37 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2016/09/20 08:21:29 | 007,500,048 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2016/09/16 10:24:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/09/15 10:56:09 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016/09/15 10:16:15 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016/08/12 17:38:48 | 000,177,376 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2016/08/05 21:33:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016/07/16 05:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/07/16 05:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2016/05/03 22:30:46 | 000,299,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/11 14:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/10/26 09:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/09/11 12:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/09/11 12:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/09/01 17:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/08/21 05:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/05 07:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/11/06 11:07:52 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/10/14 22:37:01 | 000,063,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2016/10/14 22:30:16 | 000,557,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016/10/14 21:58:34 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2016/10/14 21:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2016/10/05 04:35:31 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016/10/05 04:09:07 | 000,064,352 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:64bit: - [2016/10/03 10:26:54 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2016/10/03 10:26:35 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2016/10/03 10:26:34 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2016/10/03 10:26:34 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2016/10/03 10:19:44 | 000,175,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2016/10/03 10:18:44 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2016/09/15 11:29:54 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016/09/15 11:29:03 | 000,081,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016/09/15 11:15:56 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2016/09/15 11:15:03 | 000,218,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2016/09/15 11:14:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2016/09/15 10:36:57 | 000,719,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2016/09/10 07:21:43 | 000,118,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2016/09/05 04:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2016/09/05 04:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2016/08/16 02:18:34 | 000,159,936 | ---- | M] (MBB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb2ser.sys -- (wdm_usb)
DRV:64bit: - [2016/07/16 08:27:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2016/07/16 08:27:05 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2016/07/16 05:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2016/07/16 05:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2016/07/16 05:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2016/07/16 05:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2016/07/16 05:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2016/07/16 05:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2016/07/16 05:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2016/07/16 05:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2016/07/16 05:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2016/07/16 05:42:35 | 000,376,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2016/07/16 05:42:35 | 000,045,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2016/07/16 05:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2016/07/16 05:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2016/07/16 05:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2016/07/16 05:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2016/07/16 05:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2016/07/16 05:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2016/07/16 05:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2016/07/16 05:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2016/07/16 05:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2016/07/16 05:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2016/07/16 05:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2016/07/16 05:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2016/07/16 05:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2016/07/16 05:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2016/07/16 05:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2016/07/16 05:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2016/07/16 05:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2016/07/16 05:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2016/07/16 05:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2016/07/16 05:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2016/07/16 05:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2016/07/16 05:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2016/07/16 05:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2016/07/16 05:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2016/07/16 05:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2016/07/16 05:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2016/07/16 05:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2016/07/16 05:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2016/07/16 05:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2016/07/16 05:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2016/07/16 05:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2016/07/16 05:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2016/07/16 05:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2016/07/16 05:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2016/07/16 05:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2016/07/16 05:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2016/07/16 05:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2016/07/16 05:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2016/07/16 05:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2016/07/16 05:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2016/07/16 05:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2016/07/16 05:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2016/07/16 05:41:54 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2016/07/16 05:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2016/07/16 05:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2016/07/16 05:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2016/07/16 05:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2016/07/16 05:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2016/07/16 05:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2016/07/16 05:41:54 | 000,033,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2016/07/16 05:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2016/07/16 05:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2016/07/16 05:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:64bit: - [2016/07/16 05:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2016/07/16 05:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2016/07/16 05:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2016/07/16 05:41:53 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2016/07/16 05:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2016/07/16 05:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2016/07/16 05:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2016/07/16 05:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2016/07/16 05:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101)
DRV:64bit: - [2016/07/16 05:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2016/07/16 05:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2016/07/16 05:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2016/07/16 05:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2016/07/16 05:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2016/07/16 05:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2016/07/16 05:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2016/07/16 05:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2016/07/16 05:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2016/07/16 05:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2016/07/16 05:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2016/07/16 05:41:53 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2016/07/16 05:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2016/07/16 05:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2016/07/16 05:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2016/07/16 05:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2016/07/16 05:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2016/07/16 05:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2016/07/16 05:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2016/07/16 05:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2016/07/16 05:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2016/07/16 05:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2016/07/16 05:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2016/07/16 05:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2016/07/16 05:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2016/07/16 05:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2016/07/16 05:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2016/07/16 05:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2016/07/16 05:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2016/07/16 05:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2016/07/16 05:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2016/07/16 05:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2016/07/16 05:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2016/07/16 05:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2016/07/16 05:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2016/07/16 05:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2016/07/16 05:41:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2016/07/16 05:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2016/05/15 09:20:17 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2016/05/03 22:30:46 | 003,811,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2016/03/10 14:09:10 | 000,065,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/12/16 19:07:42 | 021,648,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015/12/16 19:07:40 | 000,674,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015/12/01 13:46:03 | 000,038,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2015/08/21 10:50:48 | 000,463,112 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/06/04 23:01:29 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2013/07/30 21:32:06 | 000,047,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/09/01 17:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/09 16:03:06 | 000,034,640 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2012/07/02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/02/26 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011/07/04 14:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cfosspeed)
DRV:64bit: - [2011/05/10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/11/17 17:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV - [2016/07/16 05:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Old Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=UE01&ocid=UE01DHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 50 0F 04 E4 EC D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 74 D2 24 DA D8 BA D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 48 00 00 00 C8 3D E8 A9 03 71 5B 1C B8 D5 65 2E 52 19 3B 97 6F 5F E8 E2 F0 21 D8 94 85 6C 68 45 77 DC BE 4B FE 4A 7D FE 3C 45 86 E3 E4 57 24 F2 18 A7 A0 CF 63 86 59 5C B7 D3 95 6C 2B 58 47 12 16 FE A3 6B 65 BF 40 4B 8A 7B 14 B0 02 00 00 00 0E 00 00 00 56 71 73 35 79 77 4B 77 50 4D 63 25 33 64 [Binary data over 200 bytes]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
IE - HKCU\..\SearchScopes\{4553B93D-627A-494F-929A-1928696E74EB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASRM_enUS591
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_205.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/08/16 17:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2016/11/01 11:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\9ighisjl.default\extensions
[2016/10/30 14:47:04 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\9ighisjl.default\features\{533abb5a-9433-4f9a-bcf0-83c9ffba7b9c}\[email protected]
[2016/10/29 08:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\

O1 HOSTS File: ([2016/10/29 12:25:54 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.1   mssplus.mcafee.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxTray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\WINDOWS\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [WindowsDefender] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PE2CKFNT] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2\ChkFont.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [OneDrive] C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pogo.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9f6ab490-feac-47fa-a2c2-f8c1e79d4d8d}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9f6ab490-feac-47fa-a2c2-f8c1e79d4d8d}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (livessp) - File not found
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/11/06 10:27:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/11/06 10:01:02 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\TeamViewer
[2016/11/06 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2016/11/06 08:07:50 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
[2016/11/04 11:27:46 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Harlequin.com _ Miniseries - Rocky Mountain Heirs_files
[2016/11/02 07:14:39 | 000,110,144 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
[2016/11/02 07:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016/10/29 12:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2016/10/29 08:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/10/27 12:43:43 | 000,498,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DolbyDecMFT.dll
[2016/10/27 12:43:42 | 004,129,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/10/27 12:43:42 | 001,990,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2016/10/27 12:43:42 | 001,557,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2016/10/27 12:43:42 | 001,472,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2016/10/27 12:43:42 | 001,062,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/10/27 12:43:41 | 007,468,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2016/10/27 12:43:41 | 000,628,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2016/10/27 12:43:40 | 006,285,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/10/27 12:43:40 | 003,778,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2016/10/27 12:43:40 | 000,244,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2016/10/27 12:43:39 | 008,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2016/10/27 12:43:39 | 001,418,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2016/10/27 12:43:39 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2016/10/27 12:43:38 | 003,617,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2016/10/27 12:43:34 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Bluetooth.dll
[2016/10/27 12:43:32 | 000,555,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/10/27 12:43:32 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2016/10/27 12:43:32 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2016/10/27 12:43:32 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.MediaPlayer.dll
[2016/10/27 12:43:32 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2016/10/27 12:43:32 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/10/27 12:43:31 | 001,608,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2016/10/27 12:43:31 | 001,051,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/10/27 12:43:31 | 000,894,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/10/27 12:43:31 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2016/10/27 12:43:30 | 002,290,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2016/10/27 12:43:30 | 001,274,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2016/10/27 12:43:30 | 000,691,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll
[2016/10/27 12:43:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\energy.dll
[2016/10/27 12:43:29 | 001,461,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2016/10/27 12:43:29 | 000,811,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFCaptureEngine.dll
[2016/10/27 12:43:29 | 000,749,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2016/10/27 12:43:29 | 000,576,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2016/10/27 12:43:29 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2016/10/27 12:43:29 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ahcache.sys
[2016/10/27 12:43:29 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2016/10/27 12:43:29 | 000,186,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\weretw.dll
[2016/10/27 12:43:29 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BluetoothApis.dll
[2016/10/27 12:43:28 | 001,228,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2016/10/27 12:43:28 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntshrui.dll
[2016/10/27 12:43:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iscsiwmi.dll
[2016/10/27 12:43:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll
[2016/10/27 12:43:27 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2016/10/27 12:43:27 | 000,913,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2016/10/27 12:43:27 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2016/10/27 12:43:26 | 001,883,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2016/10/27 12:43:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2016/10/27 12:43:25 | 007,817,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/10/27 12:43:25 | 004,749,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2016/10/27 12:43:25 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2016/10/27 12:43:24 | 017,188,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/10/27 12:43:24 | 000,701,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2016/10/27 12:43:24 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2016/10/27 12:43:23 | 009,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2016/10/27 12:43:22 | 004,673,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/10/27 12:43:21 | 001,354,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/10/27 12:43:21 | 001,323,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_fs.dll
[2016/10/27 12:43:21 | 001,173,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/10/27 12:43:21 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_health.dll
[2016/10/27 12:43:20 | 001,993,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/10/27 12:43:20 | 000,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnprv.dll
[2016/10/27 12:43:20 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DataSenseHandlers.dll
[2016/10/27 12:43:20 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Flights.dll
[2016/10/27 12:43:20 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsensorgroup.dll
[2016/10/27 12:43:20 | 000,063,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dam.sys
[2016/10/27 12:43:19 | 003,400,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncCenter.dll
[2016/10/27 12:43:19 | 000,828,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl
[2016/10/27 12:43:19 | 000,773,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2016/10/27 12:43:19 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hgcpl.dll
[2016/10/27 12:43:19 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.UserAccountsHandlers.dll
[2016/10/27 12:43:19 | 000,455,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DolbyDecMFT.dll
[2016/10/27 12:43:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2016/10/27 12:43:19 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\capimg.sys
[2016/10/27 12:43:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\HttpsDataSource.dll
[2016/10/27 12:43:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2016/10/27 12:43:18 | 002,611,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gameux.dll
[2016/10/27 12:43:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontext.dll
[2016/10/27 12:43:18 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sud.dll
[2016/10/27 12:43:18 | 000,567,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2016/10/27 12:43:18 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2016/10/27 12:43:18 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\autoplay.dll
[2016/10/27 12:43:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cmifw.dll
[2016/10/27 12:43:17 | 002,512,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themecpl.dll
[2016/10/27 12:43:17 | 000,717,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskbarcpl.dll
[2016/10/27 12:43:17 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2016/10/27 12:43:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2016/10/27 12:43:17 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcpl.dll
[2016/10/27 12:43:17 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\xboxgip.sys
[2016/10/27 12:43:17 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkDesktopSettings.dll
[2016/10/27 12:43:17 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairingFolder.dll
[2016/10/27 12:43:17 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FSClient.dll
[2016/10/27 12:43:17 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\powercfg.exe
[2016/10/27 12:43:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OnDemandConnRouteHelper.dll
[2016/10/27 12:43:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb
[2016/10/27 12:43:16 | 000,272,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfksproxy.dll
[2016/10/27 12:43:16 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IdCtrls.dll
[2016/10/27 12:43:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSManHTTPConfig.exe
[2016/10/27 12:43:15 | 013,441,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2016/10/27 12:43:15 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpAXHolder.dll
[2016/10/27 12:43:15 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfksproxy.dll
[2016/10/27 12:43:14 | 012,349,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2016/10/27 12:43:14 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2016/10/27 12:43:14 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2016/10/27 12:43:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2016/10/27 12:43:13 | 013,868,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/10/27 12:43:13 | 002,999,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2016/10/27 12:43:12 | 006,108,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/10/27 12:43:12 | 002,748,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2016/10/27 12:43:11 | 003,287,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2016/10/27 12:43:11 | 001,980,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2016/10/27 12:43:11 | 001,637,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/10/27 12:43:11 | 001,554,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_health.dll
[2016/10/27 12:43:11 | 001,235,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2016/10/27 12:43:11 | 000,595,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2016/10/27 12:43:11 | 000,584,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2016/10/27 12:43:11 | 000,137,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2016/10/27 12:43:11 | 000,078,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2016/10/27 12:43:10 | 002,186,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hevcdecoder.dll
[2016/10/27 12:43:10 | 001,913,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_fs.dll
[2016/10/27 12:43:10 | 000,675,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2016/10/27 12:43:10 | 000,341,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2016/10/27 12:43:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\splwow64.exe
[2016/10/27 12:43:09 | 003,054,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2016/10/27 12:43:09 | 002,708,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2016/10/27 12:43:09 | 000,322,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2016/10/27 12:43:09 | 000,232,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2016/10/27 12:43:08 | 005,376,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/10/27 12:43:08 | 000,908,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvstore.dll
[2016/10/27 12:43:08 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/10/27 12:43:08 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/10/27 12:43:08 | 000,682,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wer.dll
[2016/10/27 12:43:08 | 000,292,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpeffects.dll
[2016/10/27 12:43:08 | 000,079,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\crashdmp.sys
[2016/10/27 12:43:07 | 001,726,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2016/10/27 12:43:07 | 000,881,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2016/10/27 12:43:07 | 000,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/10/27 12:43:07 | 000,509,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2016/10/27 12:43:07 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.dll
[2016/10/27 12:43:07 | 000,254,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpeffects.dll
[2016/10/27 12:43:07 | 000,238,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\weretw.dll
[2016/10/27 12:43:07 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpdxm.dll
[2016/10/27 12:43:07 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cmifw.dll
[2016/10/27 12:43:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iscsiwmi.dll
[2016/10/27 12:43:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpdxm.dll
[2016/10/27 12:43:06 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpshell.dll
[2016/10/27 12:43:06 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatepolicy.dll
[2016/10/27 12:43:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efsext.dll
[2016/10/27 12:43:05 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpshell.dll
[2016/10/27 12:43:04 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2016/10/27 12:43:04 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
[2016/10/27 12:43:04 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esentutl.exe
[2016/10/27 12:43:04 | 000,336,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msinfo32.exe
[2016/10/27 12:43:04 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esentutl.exe
[2016/10/27 12:43:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\chartv.dll
[2016/10/27 12:43:04 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chartv.dll
[2016/10/27 12:43:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2016/10/27 12:43:02 | 001,600,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2016/10/27 12:43:02 | 001,365,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2016/10/27 12:43:02 | 001,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ClipUp.exe
[2016/10/27 12:43:02 | 000,742,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll
[2016/10/27 12:43:02 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SndVolSSO.dll
[2016/10/27 12:43:01 | 000,882,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeManagerObj.dll
[2016/10/27 12:43:00 | 005,685,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2016/10/27 12:43:00 | 000,590,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2016/10/27 12:42:59 | 007,654,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2016/10/27 12:42:59 | 007,216,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2016/10/27 12:42:59 | 004,474,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2016/10/27 12:42:58 | 004,311,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2016/10/27 12:42:58 | 000,545,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2016/10/27 12:42:58 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2016/10/27 12:42:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSManHTTPConfig.exe
[2016/10/27 12:42:57 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/10/27 12:42:56 | 001,492,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2016/10/27 12:42:56 | 001,267,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2016/10/27 12:42:56 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CPFilters.dll
[2016/10/27 12:42:56 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.BackgroundMediaPlayback.dll
[2016/10/27 12:42:56 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Playback.MediaPlayer.dll
[2016/10/27 12:42:56 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/10/27 12:42:55 | 007,792,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BingMaps.dll
[2016/10/27 12:42:55 | 004,708,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2016/10/27 12:42:55 | 001,969,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hevcdecoder.dll
[2016/10/27 12:42:55 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2016/10/27 12:42:55 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\daxexec.dll
[2016/10/27 12:42:55 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpsvc.dll
[2016/10/27 12:42:55 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpusersvc.dll
[2016/10/27 12:42:55 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wc_storage.dll
[2016/10/27 12:42:55 | 000,283,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2016/10/27 12:42:54 | 002,913,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2016/10/27 12:42:54 | 002,827,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2016/10/27 12:42:54 | 001,851,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2016/10/27 12:42:54 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JpMapControl.dll
[2016/10/27 12:42:54 | 001,005,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3D12.dll
[2016/10/27 12:42:54 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NMAA.dll
[2016/10/27 12:42:54 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapControlCore.dll
[2016/10/27 12:42:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFi.dll
[2016/10/27 12:42:54 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
[2016/10/27 12:42:54 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthRadioMedia.dll
[2016/10/27 12:42:53 | 002,484,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2016/10/27 12:42:53 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2016/10/27 12:42:53 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2016/10/27 12:42:53 | 001,029,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsStore.dll
[2016/10/27 12:42:53 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2016/10/27 12:42:53 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FlightSettings.dll
[2016/10/27 12:42:53 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BluetoothApis.dll
[2016/10/27 12:42:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAppInstaller.exe
[2016/10/27 12:42:52 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2016/10/27 12:42:52 | 000,579,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll
[2016/10/27 12:42:52 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActionCenterCPL.dll
[2016/10/27 12:42:52 | 000,534,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2016/10/27 12:42:52 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll
[2016/10/27 12:42:52 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2016/10/27 12:42:52 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshostcore.dll
[2016/10/27 12:42:52 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2016/10/27 12:42:52 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efsext.dll
[2016/10/27 12:42:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dtdump.exe
[2016/10/27 12:42:49 | 000,632,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sud.dll
[2016/10/27 12:42:49 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2016/10/27 12:42:49 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EncDec.dll
[2016/10/27 12:42:49 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msinfo32.exe
[2016/10/27 12:42:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\systemcpl.dll
[2016/10/27 12:42:49 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcore6.dll
[2016/10/27 12:42:49 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shdocvw.dll
[2016/10/27 12:42:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeHelper.dll
[2016/10/27 12:42:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autoplay.dll
[2016/10/27 12:42:48 | 002,458,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2016/10/27 12:42:48 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2016/10/27 12:42:48 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontext.dll
[2016/10/27 12:42:48 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2016/10/27 12:42:48 | 000,402,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2016/10/27 12:42:48 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/10/27 12:42:47 | 001,690,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2016/10/27 12:42:47 | 001,512,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2016/10/27 12:42:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FrameServer.dll
[2016/10/27 12:42:47 | 000,658,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2016/10/27 12:42:47 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsensorgroup.dll
[2016/10/27 12:42:45 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2016/10/27 12:42:45 | 000,909,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2016/10/27 12:42:45 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2016/10/27 12:42:44 | 002,476,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2016/10/27 12:42:44 | 001,694,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2016/10/27 12:42:44 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationController.dll
[2016/10/27 12:42:44 | 000,557,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2016/10/27 12:42:43 | 022,568,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/10/27 12:42:43 | 003,892,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/10/27 12:42:43 | 000,952,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/10/27 12:42:43 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CPFilters.dll
[2016/10/27 12:42:42 | 004,612,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/10/27 12:42:42 | 003,307,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2016/10/27 12:42:42 | 001,123,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2016/10/27 12:42:42 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SndVolSSO.dll
[2016/10/27 12:42:42 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2016/10/27 12:42:40 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2016/10/27 12:42:40 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2016/10/27 12:42:39 | 019,418,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/10/27 12:42:39 | 003,733,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2016/10/27 12:42:37 | 004,423,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2016/10/27 12:42:37 | 001,790,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2016/10/27 12:42:37 | 000,983,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll
[2016/10/27 12:42:37 | 000,846,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2016/10/27 12:42:37 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2016/10/27 12:42:37 | 000,160,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostBroker.dll
[2016/10/27 12:42:36 | 002,276,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2016/10/27 12:42:36 | 002,166,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2016/10/27 12:42:36 | 001,853,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2016/10/27 12:42:36 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2016/10/27 12:42:35 | 001,637,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2016/10/27 12:42:35 | 000,687,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2016/10/27 12:42:35 | 000,409,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2016/10/27 12:42:35 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.pcshell.dll
[2016/10/27 12:42:35 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2016/10/27 12:42:35 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2016/10/27 12:42:35 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2016/10/27 12:42:34 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2016/10/27 12:42:33 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\zipfldr.dll
[2016/10/27 12:42:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2016/10/27 12:42:33 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSrvPolicyManager.dll
[2016/10/27 12:42:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2016/10/27 12:42:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.exe
[2016/10/27 12:42:32 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FSClient.dll
[2016/10/27 12:42:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2016/10/27 12:42:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2016/10/27 12:42:32 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stdole2.tlb
[2016/10/26 11:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Lincoln's Gettysburg Address_files
[2016/10/12 09:20:45 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
[2016/10/12 09:20:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
[2016/10/12 09:20:45 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.Ngc.dll
[2016/10/12 09:20:44 | 006,474,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2016/10/12 09:20:44 | 000,873,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2016/10/12 09:20:44 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2016/10/12 09:20:44 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
[2016/10/12 09:20:43 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dsreg.dll
[2016/10/12 09:20:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2016/10/12 09:20:43 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthBroker.dll
[2016/10/12 09:20:43 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2016/10/12 09:20:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.Ngc.dll
[2016/10/12 09:20:42 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2016/10/12 09:20:42 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dsreg.dll
[2016/10/12 09:20:42 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2016/10/12 09:20:42 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.dll
[2016/10/12 09:20:42 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthBroker.dll
[2016/10/12 09:20:41 | 002,800,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netshell.dll
[2016/10/12 09:20:40 | 002,914,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CertEnroll.dll
[2016/10/12 09:20:40 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtctm.dll
[2016/10/12 09:20:38 | 001,322,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpx.dll
[2016/10/12 09:20:38 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncsi.dll
[2016/10/12 09:20:37 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcdedit.exe
[2016/10/12 09:20:37 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovs.dll
[2016/10/12 09:20:35 | 000,983,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ngcsvc.dll
[2016/10/12 09:20:32 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll
[2016/10/12 09:20:32 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dialclient.dll
[2016/10/12 09:20:29 | 008,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/10/12 09:20:29 | 006,043,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/10/12 09:20:29 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll
[2016/10/12 09:20:29 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2016/10/12 09:20:27 | 004,747,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2016/10/12 09:20:27 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2016/10/12 09:20:27 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2016/10/12 09:20:27 | 000,237,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Diagnostics.dll
[2016/10/12 09:20:27 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2016/10/12 09:20:26 | 002,390,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\smartscreen.exe
[2016/10/12 09:20:26 | 000,064,352 | ---- | C] (Avago Technologies) -- C:\WINDOWS\SysNative\drivers\MegaSas2i.sys
[2016/10/12 09:20:24 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2016/10/12 09:20:22 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovs.dll
[2016/10/12 09:20:22 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adsmsext.dll
[2016/10/12 09:20:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\offreg.dll
[2016/10/12 09:20:19 | 000,858,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EmailApis.dll
[2016/10/12 09:20:19 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ContactApis.dll
[2016/10/12 09:20:19 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentApis.dll
[2016/10/12 09:20:19 | 000,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WpcWebFilter.dll
[2016/10/12 09:20:19 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efswrt.dll
[2016/10/12 09:20:19 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
[2016/10/12 09:20:19 | 000,146,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostCommon.dll
[2016/10/12 09:20:18 | 002,646,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CertEnroll.dll
[2016/10/12 09:20:18 | 000,765,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2016/10/12 09:20:18 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.AllJoyn.dll
[2016/10/12 09:20:18 | 000,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2016/10/12 09:20:18 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dialclient.dll
[2016/10/12 09:20:17 | 001,859,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2016/10/12 09:20:17 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
[2016/10/12 09:20:17 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ChatApis.dll
[2016/10/12 09:20:17 | 000,360,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2016/10/12 09:20:16 | 003,105,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2016/10/12 09:20:16 | 001,430,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2016/10/12 09:20:12 | 000,945,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebFilter.dll
[2016/10/12 09:20:02 | 002,213,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2016/10/12 09:20:02 | 000,980,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2016/10/12 09:19:59 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2016/10/12 09:19:59 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.dll
[2016/10/12 09:19:59 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Wallet.dll
[2016/10/12 09:19:58 | 003,369,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
[2016/10/12 09:19:58 | 000,924,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2016/10/12 09:19:58 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2016/10/12 09:19:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
[2016/10/12 09:19:55 | 000,998,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2016/10/12 09:19:55 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2016/10/12 09:19:55 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll
[2016/10/12 09:19:55 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbonRes.dll
[2016/10/12 09:19:55 | 000,379,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll
[2016/10/12 09:19:55 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll
[2016/10/12 09:19:55 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2016/10/12 09:19:54 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2016/10/12 09:19:54 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2016/10/12 09:19:54 | 000,241,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHost.dll
[2016/10/12 09:19:54 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.HostName.dll
[2016/10/12 09:19:54 | 000,116,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
[2016/10/12 09:19:53 | 001,112,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxPackaging.dll
[2016/10/12 09:19:52 | 001,360,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2016/10/12 09:19:52 | 001,022,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxPackaging.dll
[2016/10/12 09:19:52 | 000,128,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tm.sys
[2016/10/12 09:19:51 | 003,059,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2016/10/12 09:19:51 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.HostName.dll
[2016/10/12 09:19:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\offreg.dll
[2016/10/12 09:19:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ConfigureExpandedStorage.dll
[2016/10/12 09:19:50 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EmailApis.dll
[2016/10/12 09:19:50 | 001,071,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2016/10/12 09:19:50 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ChatApis.dll
[2016/10/12 09:19:49 | 001,013,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ContactApis.dll
[2016/10/12 09:19:49 | 000,936,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2016/10/12 09:19:49 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppointmentApis.dll
[2016/10/12 09:19:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryBroker.dll
[2016/10/12 09:19:48 | 006,664,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mspaint.exe
[2016/10/12 09:19:47 | 000,833,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2016/10/12 09:19:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryClient.dll
[2016/10/12 09:19:46 | 004,136,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepository.dll
[2016/10/12 09:19:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2016/10/12 09:19:44 | 001,908,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll
[2016/10/12 09:19:39 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2016/10/12 09:19:38 | 001,456,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2016/10/12 09:19:38 | 000,279,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2016/10/12 09:19:37 | 001,656,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2016/10/12 09:19:37 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2016/10/12 09:19:36 | 000,187,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2016/10/12 09:19:36 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ErrorDetails.dll
[2016/10/12 09:19:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsmsext.dll
[2016/10/10 12:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2016/10/10 11:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/11/06 11:13:23 | 001,159,066 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/11/06 11:13:23 | 000,948,014 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/11/06 11:13:23 | 000,207,856 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/11/06 11:12:44 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/11/06 11:08:32 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/11/06 11:07:52 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/11/06 11:06:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/11/06 11:06:25 | 2056,626,175 | -HS- | M] () -- C:\hiberfil.sys
[2016/11/06 10:31:40 | 004,950,608 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/11/06 10:01:02 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 11.lnk
[2016/11/04 11:27:47 | 001,176,315 | ---- | M] () -- C:\Users\Sandra\Documents\Harlequin.com _ Miniseries - Rocky Mountain Heirs.htm
[2016/11/03 09:15:46 | 000,420,864 | ---- | M] () -- C:\Users\Sandra\Documents\Joseph5.png
[2016/11/03 09:14:37 | 000,002,422 | ---- | M] () -- C:\Users\Public\Desktop\radar.lnk
[2016/11/03 09:14:37 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/11/03 09:14:37 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2016/11/03 09:14:37 | 000,001,399 | ---- | M] () -- C:\Users\Sandra\Desktop\Internet Explorer.lnk
[2016/11/03 09:14:37 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2016/11/03 09:14:37 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/11/02 07:14:14 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
[2016/11/02 07:14:14 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2016/11/02 07:13:48 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2016/10/29 12:25:54 | 000,002,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/10/29 07:05:54 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/10/28 13:30:27 | 000,015,425 | ---- | M] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
[2016/10/26 11:20:03 | 000,004,057 | ---- | M] () -- C:\Users\Sandra\Documents\Lincoln's Gettysburg Address.html
[2016/10/26 11:15:27 | 000,457,557 | ---- | M] () -- C:\Users\Sandra\Documents\CONTRACT_FOR_THE_VOTER.pdf
[2016/10/24 17:30:58 | 000,828,408 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/10/24 17:30:58 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/10/17 08:32:00 | 000,000,323 | ---- | M] () -- C:\Users\Sandra\Desktop\Facebook.url
[2016/10/14 22:51:51 | 001,051,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/10/14 22:51:51 | 000,894,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/10/14 22:51:31 | 002,186,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hevcdecoder.dll
[2016/10/14 22:51:24 | 001,637,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/10/14 22:51:24 | 001,235,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2016/10/14 22:51:23 | 000,595,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2016/10/14 22:51:23 | 000,584,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2016/10/14 22:51:23 | 000,322,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2016/10/14 22:51:23 | 000,232,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2016/10/14 22:51:23 | 000,137,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2016/10/14 22:51:23 | 000,078,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2016/10/14 22:51:17 | 000,283,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2016/10/14 22:51:13 | 000,590,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2016/10/14 22:48:59 | 000,498,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DolbyDecMFT.dll
[2016/10/14 22:48:42 | 001,354,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/10/14 22:48:42 | 001,173,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/10/14 22:48:28 | 007,817,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/10/14 22:48:21 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2016/10/14 22:47:16 | 001,883,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2016/10/14 22:43:55 | 001,356,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ClipUp.exe
[2016/10/14 22:38:52 | 000,409,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2016/10/14 22:37:01 | 000,063,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dam.sys
[2016/10/14 22:34:46 | 001,969,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hevcdecoder.dll
[2016/10/14 22:33:21 | 000,455,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DolbyDecMFT.dll
[2016/10/14 22:31:50 | 002,827,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2016/10/14 22:31:48 | 000,402,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2016/10/14 22:31:43 | 000,658,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2016/10/14 22:30:17 | 000,509,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2016/10/14 22:30:16 | 000,557,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2016/10/14 22:30:16 | 000,341,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2016/10/14 22:30:06 | 001,851,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2016/10/14 22:30:06 | 000,682,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wer.dll
[2016/10/14 22:30:05 | 000,238,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\weretw.dll
[2016/10/14 22:29:46 | 002,913,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2016/10/14 22:29:45 | 000,079,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\crashdmp.sys
[2016/10/14 22:29:44 | 001,267,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2016/10/14 22:29:43 | 000,908,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvstore.dll
[2016/10/14 22:26:59 | 004,129,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/10/14 22:26:59 | 001,694,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2016/10/14 22:26:56 | 001,472,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2016/10/14 22:26:56 | 000,691,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll
[2016/10/14 22:26:53 | 001,062,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/10/14 22:26:52 | 001,990,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2016/10/14 22:26:52 | 000,811,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFCaptureEngine.dll
[2016/10/14 22:26:50 | 000,534,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2016/10/14 22:26:43 | 001,274,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2016/10/14 22:26:16 | 000,160,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostBroker.dll
[2016/10/14 22:26:14 | 004,673,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/10/14 22:26:03 | 001,600,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2016/10/14 22:25:52 | 000,742,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll
[2016/10/14 22:25:51 | 000,882,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeManagerObj.dll
[2016/10/14 22:22:35 | 001,608,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2016/10/14 22:22:35 | 001,461,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2016/10/14 22:22:32 | 000,628,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2016/10/14 22:22:29 | 001,418,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2016/10/14 22:21:33 | 000,292,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpeffects.dll
[2016/10/14 22:20:49 | 002,276,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2016/10/14 22:18:59 | 000,576,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2016/10/14 22:18:45 | 000,186,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\weretw.dll
[2016/10/14 22:18:09 | 000,846,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2016/10/14 22:18:06 | 000,749,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2016/10/14 22:18:01 | 002,166,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2016/10/14 22:15:51 | 003,892,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/10/14 22:15:48 | 001,853,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2016/10/14 22:15:46 | 001,557,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2016/10/14 22:15:46 | 000,687,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2016/10/14 22:15:45 | 001,123,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2016/10/14 22:15:43 | 000,952,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/10/14 22:14:42 | 004,311,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2016/10/14 22:11:24 | 000,545,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2016/10/14 22:10:07 | 000,254,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpeffects.dll
[2016/10/14 22:06:09 | 005,685,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2016/10/14 22:05:48 | 007,216,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2016/10/14 22:02:18 | 022,568,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/10/14 22:01:00 | 001,631,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2016/10/14 22:00:40 | 001,631,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2016/10/14 22:00:30 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.pcshell.dll
[2016/10/14 22:00:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2016/10/14 22:00:03 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb
[2016/10/14 21:59:51 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stdole2.tlb
[2016/10/14 21:59:49 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfksproxy.dll
[2016/10/14 21:59:22 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfksproxy.dll
[2016/10/14 21:59:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\splwow64.exe
[2016/10/14 21:58:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efsext.dll
[2016/10/14 21:58:34 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\xboxgip.sys
[2016/10/14 21:58:18 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efsext.dll
[2016/10/14 21:57:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2016/10/14 21:57:46 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2016/10/14 21:57:40 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpdxm.dll
[2016/10/14 21:57:40 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dtdump.exe
[2016/10/14 21:57:02 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpdxm.dll
[2016/10/14 21:56:51 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esentutl.exe
[2016/10/14 21:56:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\HttpsDataSource.dll
[2016/10/14 21:56:41 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OnDemandConnRouteHelper.dll
[2016/10/14 21:56:32 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSrvPolicyManager.dll
[2016/10/14 21:56:15 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFi.dll
[2016/10/14 21:56:14 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esentutl.exe
[2016/10/14 21:56:14 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2016/10/14 21:56:07 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthRadioMedia.dll
[2016/10/14 21:56:06 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BluetoothApis.dll
[2016/10/14 21:56:05 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2016/10/14 21:56:05 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BluetoothApis.dll
[2016/10/14 21:55:50 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2016/10/14 21:55:44 | 000,329,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wc_storage.dll
[2016/10/14 21:55:33 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
[2016/10/14 21:55:30 | 000,567,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2016/10/14 21:55:24 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpshell.dll
[2016/10/14 21:55:23 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcore6.dll
[2016/10/14 21:55:15 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FlightSettings.dll
[2016/10/14 21:55:07 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Flights.dll
[2016/10/14 21:55:07 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsensorgroup.dll
[2016/10/14 21:54:55 | 000,717,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskbarcpl.dll
[2016/10/14 21:54:51 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpshell.dll
[2016/10/14 21:54:49 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/10/14 21:54:25 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2016/10/14 21:54:23 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairingFolder.dll
[2016/10/14 21:54:21 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\daxexec.dll
[2016/10/14 21:54:18 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FSClient.dll
[2016/10/14 21:54:18 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autoplay.dll
[2016/10/14 21:54:17 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll
[2016/10/14 21:54:11 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsensorgroup.dll
[2016/10/14 21:54:07 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2016/10/14 21:54:05 | 000,555,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/10/14 21:54:00 | 000,410,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SndVolSSO.dll
[2016/10/14 21:53:50 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FSClient.dll
[2016/10/14 21:53:38 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshostcore.dll
[2016/10/14 21:53:21 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkDesktopSettings.dll
[2016/10/14 21:53:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2016/10/14 21:53:07 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2016/10/14 21:53:05 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActionCenterCPL.dll
[2016/10/14 21:53:01 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2016/10/14 21:53:00 | 000,549,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
[2016/10/14 21:52:59 | 000,690,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2016/10/14 21:52:59 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/10/14 21:52:51 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\systemcpl.dll
[2016/10/14 21:52:51 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2016/10/14 21:52:40 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpusersvc.dll
[2016/10/14 21:52:37 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sud.dll
[2016/10/14 21:52:26 | 000,506,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2016/10/14 21:52:19 | 000,432,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpAXHolder.dll
[2016/10/14 21:52:13 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2016/10/14 21:52:12 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\autoplay.dll
[2016/10/14 21:52:10 | 006,285,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/10/14 21:52:08 | 000,410,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpsvc.dll
[2016/10/14 21:52:08 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IdCtrls.dll
[2016/10/14 21:51:47 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2016/10/14 21:51:30 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2016/10/14 21:51:29 | 000,429,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SndVolSSO.dll
[2016/10/14 21:51:15 | 013,868,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/10/14 21:50:56 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontext.dll
[2016/10/14 21:50:54 | 017,188,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/10/14 21:50:37 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatepolicy.dll
[2016/10/14 21:50:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2016/10/14 21:50:26 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2016/10/14 21:50:21 | 000,310,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2016/10/14 21:50:20 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EncDec.dll
[2016/10/14 21:50:12 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Bluetooth.dll
[2016/10/14 21:49:47 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\zipfldr.dll
[2016/10/14 21:49:45 | 000,495,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DataSenseHandlers.dll
[2016/10/14 21:49:19 | 001,913,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_fs.dll
[2016/10/14 21:49:09 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSManHTTPConfig.exe
[2016/10/14 21:49:07 | 009,131,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2016/10/14 21:49:04 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSManHTTPConfig.exe
[2016/10/14 21:49:02 | 000,838,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/10/14 21:49:01 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAppInstaller.exe
[2016/10/14 21:48:56 | 001,554,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_health.dll
[2016/10/14 21:48:11 | 003,778,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2016/10/14 21:48:01 | 001,323,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_fs.dll
[2016/10/14 21:47:56 | 004,612,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/10/14 21:47:52 | 000,720,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.BackgroundMediaPlayback.dll
[2016/10/14 21:47:49 | 001,113,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_health.dll
[2016/10/14 21:47:48 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnprv.dll
[2016/10/14 21:47:40 | 007,792,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BingMaps.dll
[2016/10/14 21:47:07 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msinfo32.exe
[2016/10/14 21:47:04 | 007,626,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/10/14 21:46:42 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2016/10/14 21:46:39 | 019,418,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/10/14 21:46:18 | 003,287,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2016/10/14 21:46:14 | 000,718,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2016/10/14 21:46:14 | 000,336,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msinfo32.exe
[2016/10/14 21:45:57 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2016/10/14 21:45:53 | 001,790,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2016/10/14 21:45:28 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Playback.MediaPlayer.dll
[2016/10/14 21:45:06 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2016/10/14 21:44:48 | 003,307,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2016/10/14 21:44:36 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2016/10/14 21:44:20 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2016/10/14 21:44:12 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2016/10/14 21:44:09 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\powercfg.exe
[2016/10/14 21:43:41 | 002,748,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2016/10/14 21:43:35 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iscsiwmi.dll
[2016/10/14 21:43:16 | 001,365,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2016/10/14 21:43:15 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\energy.dll
[2016/10/14 21:42:59 | 000,459,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.MediaPlayer.dll
[2016/10/14 21:42:58 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FrameServer.dll
[2016/10/14 21:42:53 | 000,956,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2016/10/14 21:42:47 | 012,349,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2016/10/14 21:42:44 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2016/10/14 21:42:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\chartv.dll
[2016/10/14 21:42:21 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2016/10/14 21:42:16 | 006,108,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/10/14 21:42:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.exe
[2016/10/14 21:41:58 | 005,376,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/10/14 21:41:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeHelper.dll
[2016/10/14 21:41:43 | 000,496,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.UserAccountsHandlers.dll
[2016/10/14 21:41:29 | 007,654,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2016/10/14 21:41:28 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iscsiwmi.dll
[2016/10/14 21:41:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontext.dll
[2016/10/14 21:41:16 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sud.dll
[2016/10/14 21:40:38 | 001,690,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2016/10/14 21:39:57 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2016/10/14 21:39:57 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chartv.dll
[2016/10/14 21:39:56 | 000,631,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationController.dll
[2016/10/14 21:39:45 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JpMapControl.dll
[2016/10/14 21:39:42 | 001,228,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2016/10/14 21:39:40 | 000,869,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2016/10/14 21:39:38 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shdocvw.dll
[2016/10/14 21:39:35 | 004,474,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2016/10/14 21:39:26 | 004,749,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2016/10/14 21:39:26 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3D12.dll
[2016/10/14 21:39:08 | 000,806,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2016/10/14 21:39:04 | 003,400,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncCenter.dll
[2016/10/14 21:39:00 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2016/10/14 21:38:56 | 013,441,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2016/10/14 21:38:55 | 002,458,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2016/10/14 21:38:44 | 000,828,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl
[2016/10/14 21:38:41 | 000,675,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2016/10/14 21:38:31 | 007,468,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2016/10/14 21:38:10 | 000,913,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2016/10/14 21:38:02 | 000,579,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll
[2016/10/14 21:38:01 | 001,993,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/10/14 21:37:58 | 001,029,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsStore.dll
[2016/10/14 21:37:52 | 001,643,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2016/10/14 21:37:49 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cmifw.dll
[2016/10/14 21:37:47 | 003,733,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2016/10/14 21:37:46 | 000,709,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CPFilters.dll
[2016/10/14 21:37:37 | 000,715,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/10/14 21:37:20 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2016/10/14 21:37:18 | 004,708,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2016/10/14 21:37:16 | 002,611,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gameux.dll
[2016/10/14 21:37:04 | 008,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2016/10/14 21:37:03 | 001,980,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2016/10/14 21:36:59 | 000,673,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/10/14 21:36:56 | 002,484,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2016/10/14 21:36:56 | 002,290,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2016/10/14 21:36:56 | 000,909,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2016/10/14 21:36:55 | 004,423,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2016/10/14 21:36:55 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2016/10/14 21:36:46 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2016/10/14 21:36:46 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2016/10/14 21:36:45 | 001,637,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2016/10/14 21:36:43 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2016/10/14 21:36:42 | 000,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2016/10/14 21:36:41 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hgcpl.dll
[2016/10/14 21:36:27 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll
[2016/10/14 21:36:25 | 001,492,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2016/10/14 21:36:25 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2016/10/14 21:36:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cmifw.dll
[2016/10/14 21:36:17 | 002,512,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themecpl.dll
[2016/10/14 21:36:14 | 003,617,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2016/10/14 21:36:14 | 000,338,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcpl.dll
[2016/10/14 21:36:10 | 001,556,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2016/10/14 21:35:59 | 000,760,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/10/14 21:35:56 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll
[2016/10/14 21:35:56 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2016/10/14 21:35:53 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2016/10/14 21:35:49 | 000,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.dll
[2016/10/14 21:35:39 | 001,512,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2016/10/14 21:35:36 | 000,701,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2016/10/14 21:35:34 | 002,999,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2016/10/14 21:35:23 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2016/10/14 21:35:18 | 002,708,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2016/10/14 21:35:15 | 003,054,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2016/10/14 21:35:08 | 000,905,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapControlCore.dll
[2016/10/14 21:35:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2016/10/14 21:34:54 | 002,476,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2016/10/14 21:34:49 | 000,936,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NMAA.dll
[2016/10/14 21:34:37 | 000,842,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntshrui.dll
[2016/10/14 21:34:22 | 001,726,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2016/10/14 21:32:24 | 000,886,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CPFilters.dll
[2016/10/14 21:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ahcache.sys
[2016/10/12 09:04:52 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Diagnostics.dll
[2016/10/12 09:04:47 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/11/06 10:01:02 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
[2016/11/06 10:01:02 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 11.lnk
[2016/11/04 11:27:46 | 001,176,315 | ---- | C] () -- C:\Users\Sandra\Documents\Harlequin.com _ Miniseries - Rocky Mountain Heirs.htm
[2016/11/03 09:10:46 | 000,420,864 | ---- | C] () -- C:\Users\Sandra\Documents\Joseph5.png
[2016/10/26 11:20:03 | 000,004,057 | ---- | C] () -- C:\Users\Sandra\Documents\Lincoln's Gettysburg Address.html
[2016/10/26 11:15:25 | 000,457,557 | ---- | C] () -- C:\Users\Sandra\Documents\CONTRACT_FOR_THE_VOTER.pdf
[2016/10/12 09:19:53 | 000,446,124 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2016/10/10 11:35:37 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/10/03 10:33:12 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016/10/03 10:32:41 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/10/03 07:38:23 | 001,030,458 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/10/03 07:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2016/10/03 07:33:12 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/07/16 05:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 05:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 05:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 05:43:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016/07/16 05:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 05:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 05:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 05:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 05:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 05:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2016/05/03 22:30:46 | 000,200,200 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2016/05/03 22:30:44 | 000,161,288 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2016/01/03 14:37:57 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\FullScreensavers.ini
[2015/12/16 19:07:40 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/12/16 19:07:40 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015/12/16 19:07:38 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/12/16 19:07:36 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/12/16 19:07:34 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/12/16 19:07:34 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/11/04 20:24:18 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/11/04 20:24:18 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/05/24 09:46:25 | 008,610,080 | ---- | C] () -- C:\Users\Sandra\han july
[2015/05/24 09:19:37 | 002,800,816 | ---- | C] () -- C:\Users\Sandra\june han
[2015/05/24 09:00:16 | 004,439,612 | ---- | C] () -- C:\Users\Sandra\han calendar
[2015/02/25 11:58:57 | 000,000,450 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Weather Meter_Settings.ini
[2015/02/22 12:33:25 | 000,000,446 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2015/01/02 23:05:05 | 000,003,302 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2015/01/02 23:03:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2014/12/25 21:21:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll
[2014/06/04 23:01:40 | 000,000,003 | ---- | C] () -- C:\Users\Sandra\AppData\Local\user_data.ini

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/09/15 11:16:13 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/09/15 11:22:40 | 005,722,320 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 05:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 05:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 05:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016/01/10 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ControlCenter4
[2014/12/25 21:20:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Leadertech
[2014/08/23 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\library_dir
[2016/08/06 18:02:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Opera Software
[2014/06/07 12:58:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Oracle
[2014/10/06 12:37:55 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PC-FAX TX
[2014/08/23 10:18:09 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Raptr
[2014/06/22 12:47:00 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Skinux
[2016/11/06 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TeamViewer
[2014/12/26 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

sandra · November 6, 2016

And the other log !

OTL Extras logfile created on: 11/6/2016 11:26:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandra\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.94% Memory free
15.89 Gb Paging File | 12.94 Gb Available in Paging File | 81.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.10 Gb Total Space | 383.63 Gb Free Space | 82.48% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 1C FA 49 7D 7E 1D D2 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3211CE38-BF25-46AC-852F-3F63596CC88C}" = lport=54925 | protocol=17 | dir=in | svc=stisvc | name=brothernetwork scanner |
"{74D80ACD-4262-4C09-875D-38309FDE058D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{84A28CA7-2DAE-4C5F-AA56-C6CD0955B8A1}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{BDE4299A-1D2C-4775-8FDA-C70B152FCA40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E7A9A2F3-D962-4AD2-B5C4-1CAED53B4B51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F1241F32-F172-4A46-A4DE-CFEC0D98996B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB93E4-1749-4478-B907-311B5F864EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{0297F752-6E03-4F24-816A-6DA674B1D99C}" = dir=in | name=@{microsoft.zunevideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{04A19DFC-D7B8-4A51-8940-39EE7237685C}" = dir=in | name=microsoft sticky notes |
"{0EDB6D59-CE23-421E-8838-989D660DF0AB}" = dir=out | name=@{microsoft.skypeapp_11.9.251.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{0FDD821D-0A31-4BCC-8A2C-088C9DB8B631}" = dir=in | app=c:\users\sandra\appdata\local\microsoft\skydrive\skydrive.exe |
"{0FF8A6F9-7501-4165-95E8-49B12D2B3C0F}" = dir=out | name=@{microsoft.3dbuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{10BEE06F-5A49-4238-A88E-A7B64ADC23D8}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{11A702B6-8FCC-4ABC-8D07-648349B05867}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{124AF59D-B2A9-4092-A077-0CBF8E1BB124}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl13b\faxrx.exe |
"{1A42A3C6-DB5B-4A30-B165-6E13F24A5F9E}" = dir=out | name=@{microsoft.zunevideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{1B68FC8A-12F2-411D-A69C-7E56F4A27B68}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{1BF81D3F-9580-42E9-BB2C-7AD0EF1AE59C}" = dir=in | name=@{microsoft.zunemusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{1D751EA1-11A4-4E11-A91D-EF05AE1A5AEF}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{1F0DAFFA-F347-4CED-B632-A83DF24FD223}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{201DF0AD-3E6D-42BD-9BAB-9B579E870B2D}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{2206E26D-257C-4DCB-8A50-6ED2790AC1BD}" = dir=out | name=windows_ie_ac_001 |
"{23B33319-753C-4E48-961E-DEF076DBB98F}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{24275479-3C74-433D-9F6C-B63B57B74B35}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{25B934BE-AE8D-4310-89BA-A3492D5EDC49}" = dir=in | name=sway |
"{2C1E963D-48F2-4FA6-AA0A-8AE3832FCFD7}" = dir=out | name=xbox |
"{2C5A2A59-79F5-4918-89CD-F3E7C8CB7C3B}" = dir=out | name=@{microsoft.bingweather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{2D64C91F-BF7A-4E32-8716-27BC3657DACE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{2ECC0F9F-DFE1-48BF-A915-7C9B662F7A17}" = dir=out | name=windowsdvdplayer |
"{2FF6F019-CF66-4A81-B42B-1271659592A0}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{30FC95B2-0500-4790-84D9-5731C3185415}" = dir=in | name=@{microsoft.bingfinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{33A299D7-E13C-4055-9C00-C85B569F8AE8}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.206_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{37A21869-7A56-4CD1-BB03-047D3221481E}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{395FF626-B2E4-4EE1-9D90-7C603985FF46}" = dir=in | name=xbox |
"{3A52F85A-D083-4A5C-90BF-339FC054FA33}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7369.40827.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{3E610361-F975-4623-87F6-A428503F6D0C}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{440AB3E2-0ECA-4753-938F-A981B00E6830}" = protocol=58 | dir=out | [email protected],-503 |
"{45A48DCC-F4F1-406D-AE87-F15E2DB256B9}" = dir=out | name=store purchase app |
"{461E2AA6-37FF-4102-944B-E27FB1559590}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{4A5BAD0D-31D2-48DD-AEC4-909A9575542A}" = dir=out | name=@{microsoft.windows.photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{4AD95146-005E-4673-BF5F-774509ACEA5F}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{4BE61FEB-2716-423A-8C1F-CA03C454C9A1}" = dir=out | name=@{microsoft.microsoftofficehub_17.7420.23751.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{4FF5E603-548A-40D4-A38A-74BDF780921C}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{57231A9A-5A63-4D2D-AC26-3F59FE667B78}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{5967CF97-1732-4D27-B40F-C945E4A40CF8}" = dir=in | name=@{microsoft.bingsports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{615DB7DD-8F20-415E-ADB6-1C47EE6D8FFF}" = dir=in | name=onenote |
"{6A3A06AD-F14F-42A7-9E3B-EF5D097D0AD7}" = dir=out | name=microsoft sticky notes |
"{6A661F5F-6235-4F1A-A4EE-5C5088726D93}" = dir=in | name=microsoft solitaire collection |
"{70AA7DFC-7653-43FB-8F39-97E50EE4EE3A}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{7FA58D6C-95FD-49E4-BD42-950920628569}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{80D0E518-416A-40E7-BE3E-4300CE83D698}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{84EA7BDE-3FE9-4B1B-B1DB-D58E075BE428}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{84F920FF-7003-465F-9A7B-0216C712D85E}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{8660FB82-37B6-465A-9179-8B7A5ABC21FB}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{868B92B9-2E71-410C-944F-339C2604A5B5}" = dir=out | name=@{microsoft.bingsports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{86D68614-994F-4EC8-8935-FB7CF680A7A7}" = dir=in | name=@{microsoft.bingweather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{87749B42-2340-432C-9D7F-F3C70E6258B9}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{884E607F-60FC-47CB-A20E-F791A9EE5530}" = dir=out | name=onenote |
"{9086CF57-5674-439C-9ED8-8D2689524F4A}" = dir=out | name=@{microsoft.zunemusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{926FDC2D-0C09-46CD-9605-92484B6048F0}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{9278BF03-127C-4F53-8C9E-AE011E8552FA}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{94967D6B-BF9A-479B-8B50-F3D8902FE279}" = dir=out | name=@{microsoft.windowsmaps_5.1609.2651.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{98DFD857-78D4-472A-AC38-2DFFCF43889F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7369.40827.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{98E890BC-C7BB-437E-8CC7-8220346C93CB}" = dir=out | name=@{microsoft.bingfinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{9CAF71F9-18DA-4F8E-8E32-8A5C095E2374}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{9D37517C-7198-4EA0-97E4-0B8A23D5B67A}" = dir=in | name=xbox one smartglass |
"{9DB6F12B-A1CC-4E0B-9BF2-577FB67A9A0E}" = dir=in | name=@{microsoft.microsoftofficehub_17.7420.23751.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{9E23A7C1-6414-4E31-B08A-E25B1CFA5371}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{A05D9C67-A9D8-4F32-B5C2-8D7041404E19}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{A0B8B231-4BBA-4255-9B4F-A57986843502}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{A4B6BF83-D9DE-41F4-8A34-B42B7606D64E}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{A6B4F224-7565-49DB-AEB2-6D1038AE677F}" = protocol=58 | dir=in | app=system |
"{ACFFF345-C21D-4CE3-A174-CAEF0FB34522}" = dir=out | name=@{microsoft.people_10.1.2850.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{B17BBDDA-723C-42DB-B980-7F2C29018495}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{B47B0595-FE7E-4094-9E61-A2961E64DB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{B783069F-826C-47B5-AF87-5B573B5F65EA}" = dir=out | name=@{microsoft.getstarted_4.1.15.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{BBFF762E-F886-475D-ADD4-ECBF551CE2CF}" = dir=out | name=@{microsoft.bingnews_4.16.22.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{BC1EFBB2-3A09-4755-BA88-04CA9E71EF4F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{BE3DC28C-78FA-4275-977E-6F6A3343B756}" = dir=in | name=@{microsoft.bingnews_4.16.22.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{BE595380-5519-49AA-8921-E67EB75DCDBA}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{BFD8CA55-FFE4-40A6-97FF-96C5B5E91E39}" = dir=in | name=@{microsoft.windowsstore_11610.1001.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{C2B86E02-15BB-4A85-A525-43A4D72D1D63}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{C3536C95-31E5-4D09-BB6B-A86270D4E60D}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{C3D8E005-5DD4-4631-8880-93DD9A1955BF}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{C4D7042D-5D43-4428-ADD7-C356C66E880E}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{C5658E79-E1CA-4D71-9CBA-0EB604882F6F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C8D5B79F-B086-4BEC-9FF0-73F92E18A153}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{D01DE283-C8A7-4F5A-A77A-AB0111D11512}" = protocol=6 | dir=in | app=c:\users\sandra\appdata\local\temp\7zs1341.tmp\symnrt.exe |
"{D0C8B39E-2A43-45B1-8FF2-7B6C15EB7A09}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{D3AEBBFE-8170-4EEA-AEC7-8014BC146D42}" = dir=out | name=xbox one smartglass |
"{D42D291B-9BCB-4DE1-9B74-343148EE8790}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{D7BD08A4-27A3-49CA-9FC8-D8AA55ED0D61}" = dir=out | name=microsoft solitaire collection |
"{D7C1C30F-50AF-4CD7-8188-DE865AACC117}" = dir=out | name=@{microsoft.windowsstore_11610.1001.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{DA5A9FF2-F8CB-48B9-8160-596AD8053652}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{DC2E0118-2BF8-4FBC-883C-09C2CF0A301D}" = dir=out | name=twitter |
"{E1055B7E-9E3E-4748-9BD3-0E0601DA72D4}" = dir=in | name=@{microsoft.skypeapp_11.9.251.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{EC2841C4-B4A1-4482-8D1B-90AB6BC9A353}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{EF04FC29-8404-4482-9DFF-DA127B576FD0}" = dir=out | name=candy crush soda saga |
"{EF9F0F7A-DC3F-414A-A371-6CCF9457AC9F}" = protocol=17 | dir=in | app=c:\users\sandra\appdata\local\temp\7zs1341.tmp\symnrt.exe |
"{F16B8FF3-02A2-41C1-AF5D-10DA6EB2927C}" = dir=out | name=kindle |
"{F177CC87-4CF0-4002-9D56-FB3EC313EAB1}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{F26C6F21-E5E0-4E5D-85E1-DECA26D5CF84}" = dir=in | name=@{microsoft.windows.photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{F3294310-19AC-4BD0-A24D-5C484105EDB4}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F9172C95-00D7-44D1-9913-CAB888B06783}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F942147F-0F82-4D01-A2E2-574253B289FD}" = dir=out | name=sway |
"{FC7F2B8C-3EF1-4F96-9B10-F0C72E8F9EC5}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2E1907-D0DE-0D01-CA64-CB0AB0BFE539}" = AMD Wireless Display v3.0
"{1664D45E-FA92-8C52-92E9-E8ADB04A18ED}" = AMD Drag and Drop Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
"{26A24AE4-039D-4CA4-87B4-2F64180111F0}" = Java 8 Update 111 (64-bit)
"{36FAF585-3D08-3D84-8330-4D048F4B6CE6}" = AMD Fuel
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6119B3A6-3603-9695-0398-CDF2AF0A13F8}" = AMD Catalyst Install Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{ABD878B8-E7E3-2BC4-5A95-478133DCFFC3}" = AMD Accelerated Video Transcoding
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
"{D3485211-6ACA-8BC3-1AAB-29FC5552C454}" = ccc-utility64
"{D9C2E250-17A1-0D68-CB41-83232EC31C2C}" = ccc-utility64
"{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.28
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{031F80EB-1FE5-45EF-9DE2-E2F5AF01259F}" = CCC Help Spanish
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B15A8C3-3B8A-F229-A880-82EA62908425}" = CCC Help Dutch
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}" = CCC Help Russian
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1E93452B-BA3E-7375-958C-EBC5E8672A5E}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2058DA53-D5F2-D8D9-7325-39B0E367D1E1}" = CCC Help Swedish
"{2090B6D0-E025-5A67-9838-8F1D5768E643}" = CCC Help Chinese Standard
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111
"{2AD4FF67-43E9-77AD-D90C-584F950E2D12}" = CCC Help French
"{2B642F70-BA82-5E78-41CE-BDFFD5C37530}" = CCC Help Swedish
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EA40F3D-0D93-A391-F383-6F1C708B80BF}" = CCC Help Turkish
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3310DD5A-3695-3390-6F38-2B93D862FE02}" = CCC Help German
"{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}" = The Chronicles of Narnia
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3A577334-7C90-55BC-1878-F5862FA268B2}" = CCC Help Korean
"{3BF289E3-933B-F421-3B59-F6BB0D285B09}" = CCC Help Hungarian
"{3C7B5C75-FD82-BC1F-F148-89A3189EF385}" = AMD Catalyst Control Center
"{3CB6BA0C-6BC5-E543-221A-AA4DEBB6F4B5}" = CCC Help Polish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{430E2D32-6EA9-E6E4-80A1-84047694A45B}" = CCC Help Czech
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6A8D33-09CD-FD44-4BF0-999E8A6E93C8}" = CCC Help Italian
"{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}" = CCC Help Greek
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5644668B-04A5-68F6-0AA9-03255877C58F}" = Catalyst Control Center Localization All
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5DA870C0-BC5C-BE96-5045-BD429959C0D3}" = CCC Help Korean
"{5F3182EE-2532-3B96-2BBB-03B87F574E76}" = CCC Help Portuguese
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}" = CCC Help Japanese
"{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}" = CCC Help Chinese Standard
"{6EBDE2A2-0CFB-9134-A859-68A0002B3FA6}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{71971AE8-C8F3-3C62-FB89-AC41A96761AB}" = CCC Help Italian
"{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}" = Intel(R) Update Manager
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{769E98DC-2BB0-83A7-51C9-306F30232345}" = Catalyst Control Center Graphics Previews Common
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}" = Brother MFL-Pro Suite MFC-J870DW
"{7D94356D-48E0-DE1A-423C-67A363C13771}" = CCC Help English
"{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}" = CCC Help Thai
"{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}" = CCC Help Czech
"{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}" = CCC Help Spanish
"{8181B50E-0E33-DE07-AAB2-E71BBBDBF288}" = CCC Help Portuguese
"{83FB054C-7DA5-1C76-BFB2-423426DC35BB}" = AMD Catalyst Control Center
"{87006B27-A5A6-9EF1-BA04-CD7284462419}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A0C34E5-01A6-476B-87F3-321ABAA3948D}" = LeapFrog Connect
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A640069-9784-701E-AC8E-84F62C42D1A3}" = CCC Help English
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93098E43-2743-1551-447F-2699E9591E9C}" = CCC Help Danish
"{947E1256-258E-60A2-7331-44D09E61CF99}" = CCC Help Russian
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J425W
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}" = CCC Help Hungarian
"{A3703A3B-FDCF-4349-4B2E-A189A2B90B51}" = CCC Help Chinese Traditional
"{A619A488-A4BA-F2A0-72FA-4C484B93DC0F}" = CCC Help Greek
"{A7D849DD-D940-4ECF-ABF2-2022C60F85C9}" = LeapFrog LeapPad Explorer Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}" = CCC Help French
"{AC76BA86-0804-1033-1959-001824202044}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}" = CCC Help Chinese Traditional
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}" = CCC Help Polish
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}" = CCC Help Dutch
"{C4799AAA-CE52-D2F1-63C8-E6D5106C78E0}" = CCC Help Norwegian
"{C6182116-5F2D-9949-B42B-06073E86A98A}" = CCC Help German
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CC6C7F05-AF23-65BD-702D-705EAB723578}" = CCC Help Japanese
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5B7F1A3-2CA6-4C5C-EFB6-4AA5772F5310}" = CCC Help Turkish
"{D7D20EB4-BD89-05C0-05C6-33E5B762989E}" = Catalyst Control Center InstallProxy
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA6B3EF-A8C0-4EB2-9554-3A7879838580}" = Catalyst Control Center Localization All
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4A6308C-55E6-57DF-95BB-AEEF374B469A}" = CCC Help Finnish
"{F543B0F9-D1F9-25D1-993C-8430BEC9D889}" = Catalyst Control Center InstallProxy
"{F6860530-9733-0BB2-9C09-F25101076E78}" = CCC Help Finnish
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.338
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Christmas Adventure 2 Screensaver_is1" = Christmas Adventure 2 Screensaver 1.0
"Christmas Delight Screensaver_is1" = Christmas Delight Screensaver 2.0
"Christmas Paradise Screensaver_is1" = Christmas Paradise Screensaver 1.0
"Christmas Symphony Screensaver_is1" = Christmas Symphony Screensaver 2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Escape The Museum1.0" = Escape The Museum
"Fascinating Waterfalls Screensaver_is1" = Fascinating Waterfalls Screensaver 1.0
"Google Chrome" = Google Chrome
"Halloween Adventure Screensaver_is1" = Halloween Adventure Screensaver 1.0
"InstallShield_{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}" = The Chronicles of Narnia
"Jewel Quest" = Jewel Quest (remove only)
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Magic Of Nature Screensaver_is1" = Magic Of Nature Screensaver 1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"Mozilla Firefox 49.0.2 (x86 en-US)" = Mozilla Firefox 49.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 41.0.2353.46" = Opera Stable 41.0.2353.46
"Raptr" = Raptr
"Spring Dream Screensaver_is1" = Spring Dream Screensaver 1.0
"TeamViewer" = TeamViewer 11
"Ulead Photo Express 2.0" = Ulead Photo Express 2.0
"UPCShell" = LeapFrog Connect
"Welcome To Halloween Screensaver_is1" = Welcome To Halloween Screensaver 1.0
"WinLiveSuite" = Windows Live Essentials
"WUCCCApp" = AMD Catalyst Control Center
"XFastUSB" = XFastUSB

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2016 10:57:31 AM | Computer Name = Sandra-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2016/11/03 09:57:31.541]: [00008212]: Initialize TwdsMain
Class failed!

Error - 11/3/2016 10:58:23 AM | Computer Name = Sandra-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2016/11/03 09:58:23.441]: [00008212]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 11/3/2016 10:58:23 AM | Computer Name = Sandra-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2016/11/03 09:58:23.441]: [00008212]: Initialize TwdsMain
Class failed!

Error - 11/6/2016 10:06:29 AM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3104
Description =

Error - 11/6/2016 11:10:34 AM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.

Error - 11/6/2016 11:10:44 AM | Computer Name = Sandra-PC | Source = ESENT | ID = 489
Description = SettingSyncHost (8100) An attempt to open the file "C:\Users\Sandra\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/6/2016 11:10:54 AM | Computer Name = Sandra-PC | Source = ESENT | ID = 489
Description = SettingSyncHost (8100) An attempt to open the file "C:\Users\Sandra\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/6/2016 12:01:54 PM | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/6/2016 12:42:24 PM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.

Error - 11/6/2016 12:49:51 PM | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 11/6/2016 12:28:50 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7034
Description = The Intel(R) ME Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/6/2016 12:28:50 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Management and Security Application User Notification
Service service terminated unexpectedly. It has done this 1 time(s).

Error - 11/6/2016 12:28:50 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 0 milliseconds: Restart the service.

Error - 11/6/2016 12:28:53 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7034
Description = The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

Error - 11/6/2016 12:28:53 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/6/2016 12:29:23 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error:   %%1056

Error - 11/6/2016 12:31:46 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7001
Description = The NetTcpActivator service depends on the NetTcpPortSharing service
which failed to start because of the following error:   %%1058

Error - 11/6/2016 12:32:30 PM | Computer Name = Sandra-PC | Source = DCOM | ID = 10016
Description =

Error - 11/6/2016 1:06:46 PM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7001
Description = The NetTcpActivator service depends on the NetTcpPortSharing service
which failed to start because of the following error:   %%1058

Error - 11/6/2016 1:07:30 PM | Computer Name = Sandra-PC | Source = DCOM | ID = 10016
Description =

< End of report >

flashh4 · November 6, 2016

Hi Sandy, i'm looking threw the logs now & will be back ASAP with a OTL fix for your computer !!

Chuck

flashh4 · November 6, 2016

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/customFix.png[/IMG]. text box of the OTL tool/program ! Start with and include the colon plus :OTL
Copy everthing in RED and Paste into the box in the OTL program !!
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
IE - HKCU\..\SearchScopes\{4553B93D-627A-494F-929A-1928696E74EB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASRM_enUS591
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
[2015/08/16 17:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2016/11/01 11:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\9ighisjl.default\extensions
[2016/10/30 14:47:04 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\9ighisjl.default\features\{533abb5a-9433-4f9a-bcf0-83c9ffba7b9c}\[email protected]
[2016/10/29 08:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - Extension: No name found = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (livessp) - File not found
O30 - LSA: Security Packages - (livessp) - File not found

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png[/IMG]
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log next !
Thanks
Chuck

sandra · November 6, 2016

Here is the OTL Fix Log !

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4553B93D-627A-494F-929A-1928696E74EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4553B93D-627A-494F-929A-1928696E74EB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\Sandra\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\9ighisjl.default\extensions folder moved successfully.
C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\9ighisjl.default\features\{533abb5a-9433-4f9a-bcf0-83c9ffba7b9c}\[email protected] moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419 folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0 folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh_TW folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\vi folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\uk folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\tr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\th folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\te folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ta folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sw folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sv folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sl folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sk folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ru folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ro folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_PT folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_BR folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pl folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nl folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nb folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ms folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\mr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ml folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lv folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lt folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ko folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\kn folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ja folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\iw folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\it folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\id folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hu folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hi folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\gu folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fr folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fil folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fi folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fa folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\et folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\es folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\en folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\el folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\de folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\da folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\cs folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ca folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bn folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bg folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ar folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\am folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup folder moved successfully.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: DefaultAppPool

User: Public

User: Sandra
->Java cache emptied: 50958 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: DefaultAppPool

User: Public

User: Sandra
->Flash cache emptied: 46324 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sandra
->Temp folder emptied: 419586510 bytes
->Temporary Internet Files folder emptied: 93616345 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 375738776 bytes
->Google Chrome cache emptied: 319864695 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23924151 bytes
RecycleBin emptied: 5542925 bytes

Total Files Cleaned = 1,181.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11062016_120925

Files\Folders moved on Reboot...
C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

flashh4 · November 6, 2016

Thanks almost done !

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program [url=http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14102815956339&key=bf4adfcbb328b51c165afd7f95bfc060&libId=64704d6e-537a-4ac2-beea-64e5d35e3f5f&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F342065-very-slow-computer-aswmbr-rootkit-not-working%2Fpage-2&v=1&out=https%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F2-delfix%2F&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Fforum%2F37-virus-spyware-malware-removal%2F&title=Very%20slow%20computer%2C%20aswMBR%20rootkit%20not%20working%20%5BClosed%5D%20-%20Page%202%20-%20Virus%2C%20Spyware%2C%20Malware%20Removal&txt=here]here[/url]
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings

o Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

Post that log next !

Thanks

Chuck

sandra · November 6, 2016

# DelFix v1.013 - Logfile created 06/11/2016 at 12:27:34
# Updated 17/04/2016 by Xplode
# Username : Sandra - SANDRA-PC
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sandra\Downloads\Extras.Txt
Deleted : C:\Users\Sandra\Downloads\OTL.Txt
Deleted : HKLM\SOFTWARE\OldTimer Tools

########## - EOF - ##########

flashh4 · November 6, 2016

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
[url=https://addons.mozilla.org/en-US/firefox/addon/noscript/]NoScript[/url][/color]

[url= https://adblockplus.org/en/firefox] adblock plus[/url]

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
[url=http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html]Online Armor Free[/url]
[url=http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html]Agnitum Outpost Firewall Free [/url]
[url=http://personalfirewall.comodo.com/]Comodo Firewall Free [/url]

5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6.[url=http://www.mywot.com/]WOT[/url](Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware[/url] .

Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck

flashh4 · November 14, 2016

Seeing how this has been resolved i will lock this topic ! If you need it reopened please Pm any mod or me !

Thanks

Chuck

Help with slow xomputer

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites