
[Solved] Unexplained slow computer

Discussion in 'Malware Removal Help' started by Tony D, Dec 18, 2016.

  1. Tony D

    This computer is just a bit slow and I can't figure out why. Maybe it's the hard drive. The computer is less than 2 years old. It's slow opening applications. Not real slow, but slower than I'd expect it to be. Can you please check to see that it's malware free? Thank you.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/18/2016
    Scan Time: 1:19 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.12.18.04
    Rootkit Database: v2016.11.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Hinkle

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 300294
    Time Elapsed: 20 min, 59 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2AD3F0F3-C808-4A19-A6DE-BFC9A5E3BCB6}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\TYPELIB\{2034CFBC-A9C0-40D3-AD5F-3E058556E31C}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3C8F002E-2D5D-4E68-8AC8-96E9F4FDF466}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3C8F002E-2D5D-4E68-8AC8-96E9F4FDF466}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2034CFBC-A9C0-40D3-AD5F-3E058556E31C}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2034CFBC-A9C0-40D3-AD5F-3E058556E31C}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2AD3F0F3-C808-4A19-A6DE-BFC9A5E3BCB6}, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Amazon 1Button App Service, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.IoloSC, HKLM\SOFTWARE\WOW6432NODE\IOLO\System Checkup, Quarantined, [309c01e7a4f6da5c9305bae81ae6c739],
    PUP.Optional.Dregol, HKU\S-1-5-21-2715429996-97748672-1472004195-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHROMIUM, Quarantined, [7557b2365a408aac47dc6cccd72cc040],

    Registry Values: 1
    PUP.Optional.Dregol, HKU\S-1-5-21-2715429996-97748672-1472004195-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHROMIUM|DisplayName, Dregol, Quarantined, [7557b2365a408aac47dc6cccd72cc040]

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.IoloSC, C:\ProgramData\iolo\SCU, Quarantined, [b8146385693196a07d8221812cd456aa],

    Files: 5
    PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowser.exe, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],
    PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonIcon.ico, Quarantined, [4f7d21c7bddd45f1cfec5417df21f709],

    Physical Sectors: 0
    (No malicious items detected)
    (end)

    ** Note: I did let MBAM delete the items **

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
    Ran by Hinkle (administrator) on BRENDA (18-12-2016 14:07:54)
    Running from C:\Users\Hinkle\Desktop
    Loaded Profiles: Hinkle (Available Profiles: Hinkle)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-10] (Synaptics Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2715429996-97748672-1472004195-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-26] (Ruiware)
    HKU\S-1-5-21-2715429996-97748672-1472004195-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{2b31e0fe-353d-4398-8bfe-b9cd8285a947}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c528855e-8f37-4610-8a97-6dd36f1a5e4c}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{cfb06467-c8e5-40e6-a518-359d131b3b3a}: [DhcpNameServer] 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2715429996-97748672-1472004195-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emails
    HKU\S-1-5-21-2715429996-97748672-1472004195-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
    SearchScopes: HKU\S-1-5-21-2715429996-97748672-1472004195-1001 -> {C894BFC2-6ADA-4422-BC2F-057A8C03777E} URL =
    BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
    BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
    BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
    Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2715429996-97748672-1472004195-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

    FireFox:
    ========
    FF DefaultProfile: 8ijiyumi.default
    FF ProfilePath: C:\Users\Hinkle\AppData\Roaming\Mozilla\Firefox\Profiles\8ijiyumi.default [2015-08-01]
    FF Homepage: Mozilla\Firefox\Profiles\8ijiyumi.default -> hxxps://www.malwarebytes.org/restorebrowser//?f=1&a=drg_omxmedia_15_26&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtA0Bzy0CzzyCyC0D0AtB0EtN0D0Tzu0StCtByCzztN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEzzyBtBtA0FyCtGtA0A0EtDtG0BzzyDtBtGtC0AtByDtGtBtCyE0CtCyCyEzytCzzyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0D0CyC0FyCtCzztGyEzyyBzztGyEyB0DtBtG0BtA0AyEtG0D0DyEyEyD0DyDtAyDzz0CyD2QtN0A0LzutB&cr=380049710&ir=
    FF NewTab: Mozilla\Firefox\Profiles\8ijiyumi.default -> about:newtab
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-05] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2016-08-17] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\Default [2016-12-18]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-17]
    CHR Extension: (Login Faster) - C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbefbhoeaoaokleoambldklhifcgppg [2016-07-08]
    CHR Extension: (Kaspersky Protection) - C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-01-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
    CHR Extension: (Chrome Media Router) - C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
    CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
    CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-23] () [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation)
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-08-17] (WildTangent)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
    R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Corporation)
    R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-10] (Synaptics Incorporated)
    R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-08-23] (RaMMicHaeL)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
    R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237912 2016-12-02] (AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-04-28] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-16] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-09-15] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-16] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
    R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    S3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [76560 2015-07-29] (Intel Corporation)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-10-15] (Realtek Semiconductor Corp.)
    R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-08-10] (Synaptics Incorporated)
    S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-30] (support.com, Inc)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-12-20] (Toshiba Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-18 14:07 - 2016-12-18 14:08 - 00018837 _____ C:\Users\Hinkle\Desktop\FRST.txt
    2016-12-18 14:06 - 2016-12-18 14:07 - 02420224 _____ (Farbar) C:\Users\Hinkle\Desktop\FRST64.exe
    2016-12-18 11:17 - 2016-12-18 11:17 - 00000000 ____D C:\GVTS
    2016-12-18 11:07 - 2016-12-18 13:44 - 00000000 ____D C:\Program Files (x86)\Amazon
    2016-12-18 10:57 - 2016-12-18 10:58 - 10526736 _____ C:\Users\Hinkle\Downloads\CryptoPreventSetupV8.zip
    2016-12-15 20:05 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2016-12-15 20:05 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2016-12-15 20:05 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
    2016-12-15 20:05 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
    2016-12-15 20:05 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-12-15 20:05 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-12-15 20:05 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-12-15 20:05 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-12-15 20:05 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
    2016-12-15 20:05 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2016-12-15 20:05 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-12-15 20:05 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-12-15 20:05 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
    2016-12-15 20:05 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-12-15 20:05 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-12-15 20:05 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-12-15 20:05 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-12-15 20:05 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-12-15 20:05 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-12-15 20:05 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-12-15 20:05 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-12-15 20:05 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
    2016-12-15 20:05 - 2016-11-11 05:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-12-15 20:05 - 2016-11-11 05:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2016-12-15 20:05 - 2016-11-11 05:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-12-15 20:05 - 2016-11-11 04:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-12-15 20:05 - 2016-11-11 04:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
    2016-12-15 20:05 - 2016-11-11 04:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
    2016-12-15 20:05 - 2016-11-11 04:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-12-15 20:05 - 2016-11-11 04:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
    2016-12-15 20:05 - 2016-11-11 04:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-12-15 20:05 - 2016-11-11 04:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2016-12-15 20:05 - 2016-11-11 04:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
    2016-12-15 20:05 - 2016-11-11 04:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-12-15 20:05 - 2016-11-11 04:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
    2016-12-15 20:05 - 2016-11-11 04:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-12-15 20:05 - 2016-11-11 04:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
    2016-12-15 20:05 - 2016-11-11 04:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2016-12-15 20:05 - 2016-11-11 04:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
    2016-12-15 20:05 - 2016-11-11 04:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2016-12-15 20:05 - 2016-11-11 04:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2016-12-15 20:05 - 2016-11-11 04:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2016-12-15 20:05 - 2016-11-11 04:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-12-15 20:05 - 2016-11-11 04:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-12-15 20:05 - 2016-11-11 04:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-12-15 20:05 - 2016-11-11 04:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-12-15 20:05 - 2016-11-11 02:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-12-15 20:05 - 2016-11-11 02:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-12-15 20:05 - 2016-11-11 02:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-12-15 20:05 - 2016-11-11 02:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-12-15 20:05 - 2016-11-11 02:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-12-15 20:05 - 2016-11-11 02:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-12-15 20:05 - 2016-11-11 02:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
    2016-12-15 20:05 - 2016-11-11 02:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
    2016-12-15 20:05 - 2016-11-11 02:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-12-15 20:05 - 2016-11-11 02:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-12-15 20:05 - 2016-11-11 02:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
    2016-12-15 20:05 - 2016-11-11 02:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-12-15 20:05 - 2016-11-11 02:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
    2016-12-15 20:05 - 2016-11-11 02:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2016-12-15 20:05 - 2016-11-11 02:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
    2016-12-15 20:05 - 2016-11-11 02:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-12-15 20:05 - 2016-11-11 02:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-12-15 20:05 - 2016-11-11 02:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2016-12-15 20:05 - 2016-11-11 02:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-12-15 20:05 - 2016-11-11 02:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
    2016-12-15 20:05 - 2016-11-11 02:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-12-15 20:05 - 2016-11-11 02:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-12-15 20:05 - 2016-11-11 02:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
    2016-12-15 20:05 - 2016-11-11 02:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2016-12-15 20:05 - 2016-11-11 02:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2016-12-15 20:05 - 2016-11-11 02:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
    2016-12-15 20:05 - 2016-11-11 02:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-12-15 20:05 - 2016-11-11 02:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2016-12-15 20:05 - 2016-11-11 02:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-12-15 20:05 - 2016-11-11 02:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2016-12-15 20:05 - 2016-11-11 02:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-12-15 20:05 - 2016-11-11 02:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-12-15 20:04 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-12-15 20:04 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-12-15 20:04 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-12-15 20:04 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-12-15 20:04 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-12-15 20:04 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-15 20:04 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-12-15 20:04 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-12-15 20:04 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-12-15 20:04 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2016-12-15 20:04 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2016-12-15 20:04 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-12-15 20:04 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2016-12-15 20:04 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-12-15 20:04 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-12-15 20:04 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2016-12-15 20:04 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2016-12-15 20:04 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-12-15 20:04 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2016-12-15 20:04 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2016-12-15 20:04 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-12-15 20:04 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-12-15 20:04 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-12-15 20:04 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2016-12-15 20:04 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-12-15 20:04 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-12-15 20:04 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-12-15 20:04 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-12-15 20:04 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-12-15 20:04 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2016-12-15 20:04 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2016-12-15 20:04 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-12-15 20:04 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-12-15 20:04 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-12-15 20:04 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-12-15 20:04 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2016-12-15 20:04 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2016-12-15 20:04 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-12-15 20:04 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-12-15 20:04 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-12-15 20:04 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2016-12-15 20:04 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2016-12-15 20:04 - 2016-11-11 05:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
    2016-12-15 20:04 - 2016-11-11 05:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2016-12-15 20:04 - 2016-11-11 05:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-12-15 20:04 - 2016-11-11 05:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-12-15 20:04 - 2016-11-11 05:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-12-15 20:04 - 2016-11-11 05:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2016-12-15 20:04 - 2016-11-11 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-12-15 20:04 - 2016-11-11 05:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-12-15 20:04 - 2016-11-11 04:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-12-15 20:04 - 2016-11-11 04:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-12-15 20:04 - 2016-11-11 04:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-12-15 20:04 - 2016-11-11 04:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-12-15 20:04 - 2016-11-11 04:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2016-12-15 20:04 - 2016-11-11 04:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
    2016-12-15 20:04 - 2016-11-11 04:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
    2016-12-15 20:04 - 2016-11-11 04:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2016-12-15 20:04 - 2016-11-11 04:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2016-12-15 20:04 - 2016-11-11 04:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2016-12-15 20:04 - 2016-11-11 04:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-12-15 20:04 - 2016-11-11 04:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-12-15 20:04 - 2016-11-11 04:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-12-15 20:04 - 2016-11-11 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
    2016-12-15 20:04 - 2016-11-11 04:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
    2016-12-15 20:04 - 2016-11-11 04:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-12-15 20:04 - 2016-11-11 04:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-12-15 20:04 - 2016-11-11 04:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-12-15 20:04 - 2016-11-11 04:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2016-12-15 20:04 - 2016-11-11 04:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
    2016-12-15 20:04 - 2016-11-11 04:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2016-12-15 20:04 - 2016-11-11 04:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
    2016-12-15 20:04 - 2016-11-11 04:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-12-15 20:04 - 2016-11-11 04:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-12-15 20:04 - 2016-11-11 04:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-12-15 20:04 - 2016-11-11 04:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-12-15 20:04 - 2016-11-11 04:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-12-15 20:04 - 2016-11-11 04:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2016-12-15 20:04 - 2016-11-11 04:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2016-12-15 20:04 - 2016-11-11 04:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-12-15 20:04 - 2016-11-11 04:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-12-15 20:04 - 2016-11-11 04:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-12-15 20:04 - 2016-11-11 04:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-12-15 20:04 - 2016-11-11 04:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2016-12-15 20:04 - 2016-11-11 04:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2016-12-15 20:04 - 2016-11-11 04:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-12-15 20:04 - 2016-11-11 04:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
    2016-12-15 20:04 - 2016-11-11 04:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2016-12-15 20:04 - 2016-11-11 04:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
    2016-12-15 20:04 - 2016-11-11 04:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-12-15 20:04 - 2016-11-11 04:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-12-15 20:04 - 2016-11-11 04:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-12-15 20:04 - 2016-11-11 04:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-12-15 20:04 - 2016-11-11 04:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-12-15 20:04 - 2016-11-11 04:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-12-15 20:04 - 2016-11-11 04:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-12-15 20:04 - 2016-11-11 04:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2016-12-15 20:04 - 2016-11-11 04:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2016-12-15 20:04 - 2016-11-11 04:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2016-12-15 20:04 - 2016-11-11 04:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-12-15 20:04 - 2016-11-11 04:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
    2016-12-15 20:04 - 2016-11-11 04:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-12-15 20:04 - 2016-11-11 04:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-12-15 20:04 - 2016-11-11 04:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-12-15 20:04 - 2016-11-11 04:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-12-15 20:04 - 2016-11-11 04:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2016-12-15 20:04 - 2016-11-11 04:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
    2016-12-15 20:04 - 2016-11-11 04:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-12-15 20:04 - 2016-11-11 04:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2016-12-15 20:04 - 2016-11-11 04:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-12-15 20:04 - 2016-11-11 04:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-12-15 20:04 - 2016-11-11 04:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-12-15 20:04 - 2016-11-11 03:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2016-12-15 20:04 - 2016-11-11 03:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2016-12-15 20:04 - 2016-11-11 03:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
    2016-12-15 20:04 - 2016-11-11 03:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-12-15 20:04 - 2016-11-11 02:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
    2016-12-15 20:04 - 2016-11-11 02:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2016-12-15 20:04 - 2016-11-11 02:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2016-12-15 20:04 - 2016-11-11 02:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-12-15 20:04 - 2016-11-11 02:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-12-15 20:04 - 2016-11-11 02:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-12-15 20:04 - 2016-11-11 02:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
    2016-12-15 20:04 - 2016-11-11 02:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-12-15 20:04 - 2016-11-11 02:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
    2016-12-15 20:04 - 2016-11-11 02:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-12-15 20:04 - 2016-11-11 02:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-12-15 20:04 - 2016-11-11 02:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
    2016-12-15 20:04 - 2016-11-11 02:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2016-12-15 20:04 - 2016-11-11 02:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
    2016-12-15 20:04 - 2016-11-11 02:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
    2016-12-15 20:04 - 2016-11-11 02:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
    2016-12-15 20:04 - 2016-11-11 02:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2016-12-15 20:04 - 2016-11-11 02:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
    2016-12-15 20:04 - 2016-11-11 02:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2016-12-15 20:04 - 2016-11-11 02:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-12-15 20:04 - 2016-11-11 02:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
    2016-12-15 20:04 - 2016-11-11 02:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2016-12-15 20:04 - 2016-11-11 02:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
    2016-12-15 20:04 - 2016-11-11 02:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2016-12-15 20:04 - 2016-11-11 02:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
    2016-12-15 20:04 - 2016-11-11 02:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-12-15 20:04 - 2016-11-11 02:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-12-15 20:04 - 2016-11-11 02:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2016-12-15 20:03 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-12-15 20:03 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-12-15 20:03 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2016-12-15 20:03 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-12-15 20:03 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-12-15 20:03 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-12-15 20:03 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-12-15 20:03 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-12-15 20:03 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2016-12-15 20:03 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-12-15 20:03 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-12-15 20:03 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-12-15 20:03 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-12-15 20:03 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-12-15 20:03 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
    2016-12-15 20:03 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-12-15 20:03 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-12-15 20:03 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-12-15 20:03 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-12-15 20:03 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-12-15 20:03 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-12-15 20:03 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
    2016-12-15 20:03 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2016-12-15 20:03 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2016-12-15 20:03 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-12-15 20:03 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-12-15 20:03 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-12-15 20:03 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-12-15 20:03 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-12-15 20:03 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-12-15 20:03 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-12-15 20:03 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-12-15 20:03 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-12-15 20:03 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-12-15 20:03 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-12-15 20:03 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-12-15 20:03 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-12-15 20:03 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-12-15 20:03 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-12-15 20:03 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2016-12-15 20:03 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2016-12-15 20:03 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-12-15 20:03 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-12-15 20:03 - 2016-11-11 05:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2016-12-15 20:03 - 2016-11-11 05:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2016-12-15 20:03 - 2016-11-11 05:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
    2016-12-15 20:03 - 2016-11-11 05:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-12-15 20:03 - 2016-11-11 05:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-12-15 20:03 - 2016-11-11 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-12-15 20:03 - 2016-11-11 05:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-12-15 20:03 - 2016-11-11 05:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-12-15 20:03 - 2016-11-11 04:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2016-12-15 20:03 - 2016-11-11 04:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-12-15 20:03 - 2016-11-11 04:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-12-15 20:03 - 2016-11-11 04:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-12-15 20:03 - 2016-11-11 04:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-12-15 20:03 - 2016-11-11 04:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
    2016-12-15 20:03 - 2016-11-11 04:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
    2016-12-15 20:03 - 2016-11-11 04:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
    2016-12-15 20:03 - 2016-11-11 04:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-12-15 20:03 - 2016-11-11 04:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2016-12-15 20:03 - 2016-11-11 04:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-12-15 20:03 - 2016-11-11 04:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
    2016-12-15 20:03 - 2016-11-11 04:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-12-15 20:03 - 2016-11-11 04:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
    2016-12-15 20:03 - 2016-11-11 04:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-12-15 20:03 - 2016-11-11 04:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
    2016-12-15 20:03 - 2016-11-11 04:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-12-15 20:03 - 2016-11-11 04:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2016-12-15 20:03 - 2016-11-11 04:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-12-15 20:03 - 2016-11-11 04:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2016-12-15 20:03 - 2016-11-11 04:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-12-15 20:03 - 2016-11-11 04:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-12-15 20:03 - 2016-11-11 04:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
    2016-12-15 20:03 - 2016-11-11 04:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2016-12-15 20:03 - 2016-11-11 04:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2016-12-15 20:03 - 2016-11-11 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2016-12-15 20:03 - 2016-11-11 04:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-12-15 20:03 - 2016-11-11 04:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2016-12-15 20:03 - 2016-11-11 04:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-12-15 20:03 - 2016-11-11 04:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2016-12-15 20:03 - 2016-11-11 04:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-12-15 20:03 - 2016-11-11 04:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-12-15 20:03 - 2016-11-11 04:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2016-12-15 20:03 - 2016-11-11 04:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
    2016-12-15 20:03 - 2016-11-11 04:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
    2016-12-15 20:03 - 2016-11-11 04:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-12-15 20:03 - 2016-11-11 04:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-12-15 20:03 - 2016-11-11 04:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-12-15 20:03 - 2016-11-11 04:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2016-12-15 20:03 - 2016-11-11 04:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-12-15 20:03 - 2016-11-11 04:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
    2016-12-15 20:03 - 2016-11-11 04:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-12-15 20:03 - 2016-11-11 04:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-12-15 20:03 - 2016-11-11 04:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-12-15 20:03 - 2016-11-11 04:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
    2016-12-15 20:03 - 2016-11-11 04:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-12-15 20:03 - 2016-11-11 04:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-12-15 20:03 - 2016-11-11 04:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-12-15 20:03 - 2016-11-11 04:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-12-15 20:03 - 2016-11-11 04:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
    2016-12-15 20:03 - 2016-11-11 03:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-12-15 20:03 - 2016-11-11 02:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-12-15 20:03 - 2016-11-11 02:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-12-15 20:03 - 2016-11-11 02:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-12-15 20:03 - 2016-11-11 02:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-12-15 20:03 - 2016-11-11 02:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-12-15 20:03 - 2016-11-11 02:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
    2016-12-15 20:03 - 2016-11-11 02:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-12-15 20:03 - 2016-11-11 02:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
    2016-12-15 20:03 - 2016-11-11 02:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2016-12-15 20:03 - 2016-11-11 02:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-12-15 20:03 - 2016-11-11 02:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-12-15 20:03 - 2016-11-11 02:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2016-12-15 20:03 - 2016-11-11 02:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-12-15 20:03 - 2016-11-11 02:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-12-15 20:03 - 2016-11-11 02:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2016-12-15 20:03 - 2016-11-11 02:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
    2016-12-15 20:03 - 2016-11-11 02:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-12-15 20:03 - 2016-11-11 02:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-12-15 20:03 - 2016-11-11 02:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2016-12-15 20:03 - 2016-11-11 02:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-12-15 20:03 - 2016-11-11 02:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2016-12-15 20:03 - 2016-11-11 02:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2016-12-15 20:03 - 2016-11-11 02:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-12-15 20:03 - 2016-11-11 02:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-12-15 20:02 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-12-15 20:02 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2016-12-15 20:02 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2016-12-15 20:02 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2016-12-15 20:02 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-12-15 20:02 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
    2016-12-15 20:02 - 2016-11-11 05:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-12-15 20:02 - 2016-11-11 05:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-12-15 20:02 - 2016-11-11 05:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-12-15 20:02 - 2016-11-11 04:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-12-15 20:02 - 2016-11-11 04:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
    2016-12-15 20:02 - 2016-11-11 04:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-12-15 20:02 - 2016-11-11 04:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
    2016-12-15 20:02 - 2016-11-11 04:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-12-15 20:02 - 2016-11-11 04:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
    2016-12-15 20:02 - 2016-11-11 04:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
    2016-12-15 20:02 - 2016-11-11 04:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
    2016-12-15 20:02 - 2016-11-11 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
    2016-12-15 20:02 - 2016-11-11 04:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
    2016-12-15 20:02 - 2016-11-11 04:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-12-15 20:02 - 2016-11-11 04:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-12-15 20:02 - 2016-11-11 04:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
    2016-12-15 20:02 - 2016-11-11 04:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2016-12-15 20:02 - 2016-11-11 04:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-12-15 20:02 - 2016-11-11 04:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
    2016-12-15 20:02 - 2016-11-11 02:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2016-12-15 20:02 - 2016-11-11 02:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
    2016-12-15 20:02 - 2016-11-11 02:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
    2016-12-15 20:02 - 2016-11-11 02:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-12-15 20:02 - 2016-11-11 02:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
    2016-12-15 20:02 - 2016-11-11 02:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
    2016-12-15 20:02 - 2016-11-11 02:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-12-15 20:02 - 2016-11-11 02:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
    2016-12-15 18:26 - 2016-12-15 18:26 - 00313366 _____ C:\Users\Hinkle\Downloads\WindowsUpdateDiagnostic.diagcab
    2016-12-14 01:27 - 2016-12-14 01:27 - 04251160 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
    2016-12-12 16:30 - 2016-12-12 16:30 - 02148563 _____ C:\Users\Hinkle\Downloads\08-09-2016.pdf
    2016-12-12 16:15 - 2016-12-12 16:15 - 03352104 _____ C:\Users\Hinkle\Downloads\December 2016 Lion Eyes.pdf
    2016-12-10 15:43 - 2016-12-10 15:43 - 00364436 _____ C:\Users\Hinkle\Downloads\eStmt_2016-11-15 (3).pdf
    2016-12-10 15:43 - 2016-12-10 15:43 - 00364436 _____ C:\Users\Hinkle\Downloads\eStmt_2016-11-15 (2).pdf
    2016-12-09 15:52 - 2016-12-09 15:52 - 00364436 _____ C:\Users\Hinkle\Downloads\eStmt_2016-11-15 (1).pdf
    2016-12-09 15:48 - 2016-12-09 15:48 - 00364436 _____ C:\Users\Hinkle\Desktop\eStmt_2016-11-15.pdf
    2016-12-09 15:47 - 2016-12-09 15:47 - 00364436 _____ C:\Users\Hinkle\Downloads\eStmt_2016-11-15.pdf
    2016-12-09 10:25 - 2016-12-09 10:25 - 00406708 _____ C:\Users\Hinkle\Downloads\EPSON002.PDF
    2016-12-08 15:51 - 2016-12-08 15:51 - 00287723 _____ C:\Users\Hinkle\Downloads\20161208095739632 (1).pdf
    2016-12-08 15:51 - 2016-12-08 15:51 - 00287723 _____ C:\Users\Hinkle\Desktop\KCG Crab Shack LLC.pdf
    2016-12-08 15:14 - 2016-12-08 15:14 - 00287723 _____ C:\Users\Hinkle\Downloads\20161208095739632.pdf
    2016-12-05 15:48 - 2016-12-15 18:36 - 00000000 ____D C:\Users\Hinkle\AppData\Local\ElevatedDiagnostics
    2016-12-02 16:37 - 2016-12-02 16:37 - 00021727 _____ C:\Users\Hinkle\Downloads\Address_Credit Inquiry Letter (1).pdf
    2016-12-02 16:35 - 2016-12-02 16:35 - 00021727 _____ C:\Users\Hinkle\Desktop\Address_Credit Inquiry Letter 1.pdf
    2016-12-02 16:33 - 2016-12-02 16:33 - 00021727 _____ C:\Users\Hinkle\Downloads\Address_Credit Inquiry Letter.pdf
    2016-11-21 15:57 - 2016-11-21 15:57 - 00244758 _____ C:\Users\Hinkle\Downloads\DisclosurePdf (1).zip
    2016-11-20 18:11 - 2016-11-20 18:11 - 00438413 _____ C:\Users\Hinkle\Downloads\SST Rental 30 days.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-18 14:07 - 2015-07-31 09:50 - 00000000 ____D C:\FRST
    2016-12-18 14:00 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-12-18 13:58 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2016-12-18 13:56 - 2015-02-05 16:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-12-18 13:45 - 2016-09-15 11:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-12-18 13:45 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-12-18 13:44 - 2016-09-15 11:29 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2016-12-18 13:44 - 2016-09-15 11:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-12-18 13:44 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
    2016-12-18 13:44 - 2015-01-30 21:19 - 00000000 ____D C:\ProgramData\iolo
    2016-12-18 13:44 - 2014-10-13 21:04 - 02779381 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
    2016-12-18 13:18 - 2015-07-31 08:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-12-18 11:53 - 2015-08-03 10:11 - 00000000 ____D C:\ProgramData\Foolish IT
    2016-12-18 11:24 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
    2016-12-18 11:07 - 2015-01-30 21:18 - 00000000 ____D C:\Program Files (x86)\iolo
    2016-12-18 11:07 - 2014-04-11 01:27 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
    2016-12-18 10:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-12-16 17:32 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-12-16 17:32 - 2016-02-16 11:59 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-12-16 17:32 - 2015-01-30 21:00 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-12-16 17:24 - 2016-09-15 11:57 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-16 17:24 - 2016-09-15 11:57 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-12-16 09:00 - 2016-11-07 07:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Hinkle\Desktop\TDSSKiller.exe
    2016-12-15 22:34 - 2016-09-15 11:34 - 00000000 ____D C:\Users\Hinkle
    2016-12-15 21:36 - 2015-07-31 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-12-15 21:36 - 2015-07-31 08:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-12-15 21:32 - 2016-08-04 10:54 - 00000000 ____D C:\Users\Hinkle\Desktop\PBM 2016_2017
    2016-12-15 21:26 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-12-15 20:53 - 2015-01-28 14:25 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-12-15 20:52 - 2015-08-09 20:58 - 00997794 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-12-15 20:47 - 2016-09-15 11:26 - 00232224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-12-15 20:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2016-12-15 20:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-12-15 20:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-12-15 20:44 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-12-15 20:44 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-12-15 20:44 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-12-15 20:43 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-12-15 20:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2016-12-15 20:43 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
    2016-12-15 20:23 - 2015-01-31 02:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-12-15 20:15 - 2015-01-31 02:06 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-12-15 18:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-12-12 16:56 - 2015-02-05 15:01 - 00000000 ____D C:\Users\Hinkle\Documents\Bill Payments
    2016-12-11 18:56 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-12-11 18:56 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-12-09 15:57 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-12-09 15:56 - 2016-06-22 13:49 - 00000000 ____D C:\Users\Hinkle\Desktop\Photos 2016
    2016-12-08 15:54 - 2015-01-28 14:28 - 00000000 ____D C:\Users\Hinkle\AppData\Local\Packages
    2016-12-05 15:50 - 2015-01-30 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-12-04 20:23 - 2015-09-21 15:44 - 00000000 ____D C:\Program Files (x86)\Veloxum
    2016-12-02 17:36 - 2015-02-05 15:01 - 00000000 ____D C:\Users\Hinkle\Documents\Barry
    2016-12-02 17:17 - 2015-08-23 15:24 - 00000000 ____D C:\Users\Hinkle\Desktop\PBM Golf 2016
    2016-12-02 16:16 - 2015-12-19 22:26 - 00237912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
    2016-11-20 18:08 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-11-20 18:06 - 2015-02-05 16:57 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2015-10-02 16:38 - 2015-10-02 16:38 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-09-15 11:29 - 2016-09-15 11:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Hinkle\AppData\Local\Temp\libeay32.dll
    C:\Users\Hinkle\AppData\Local\Temp\msvcr120.dll
    C:\Users\Hinkle\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-12-18 13:09

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
    Ran by Hinkle (18-12-2016 14:09:28)
    Running from C:\Users\Hinkle\Desktop
    Windows 10 Home Version 1607 (X64) (2016-09-15 17:18:00)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2715429996-97748672-1472004195-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2715429996-97748672-1472004195-503 - Limited - Disabled)
    Guest (S-1-5-21-2715429996-97748672-1472004195-501 - Limited - Disabled)
    Hinkle (S-1-5-21-2715429996-97748672-1472004195-1001 - Administrator - Enabled) => C:\Users\Hinkle

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Amazon 1Button App (HKLM-x32\...\{FA378CD1-F32D-4610-9884-3902DF8AF826}) (Version: 2.3.8 - Amazon) <==== ATTENTION
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
    Intel(R) Technology Access Software Asset Manager (x32 Version: 3.4.1942 - Intel Corporation) Hidden
    Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
    Kaspersky Total Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4875.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
    WildTangent Games App (x32 Version: 4.1.1.8 - WildTangent) Hidden
    WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
    WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07934540-0C41-415C-A24D-EFAEAF379A21} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0875E229-501E-4DCF-839A-992F10BADFCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0EA8C91D-D035-4F00-B2BC-9C6E7569E284} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {1031AC3B-0CCD-4B1A-B572-EF5354B9B526} - System32\Tasks\HP AR Program Upload - fd128ea0f24845eabb57d17b25ecc561082f1f9359724bc6ae26b0fe0ba47e8a => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {1321C9C5-D715-46A5-8A2C-60934624A70C} - \WPD\SqmUpload_S-1-5-21-2715429996-97748672-1472004195-1001 -> No File <==== ATTENTION
    Task: {228F51BF-E38B-4F2B-8D94-E5C50DB70578} - System32\Tasks\HP AR Program Upload - 905af14bdf3a43a3b72d58d5fb6616a683b89ad5ed9140f2951af5f48d57cb67 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {23029F9A-C9D8-446F-9D2B-9CC0AC4918A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {23F18475-A323-4B8A-B28F-1FC83A34FD80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2BAA243B-23EB-4FBF-8EDC-524487D863E7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-10] (Synaptics Incorporated)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {379BBDA5-0E52-4F64-83E4-8E43ADD1838D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {40AE58AD-A987-468F-818C-E16F1FC4758A} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
    Task: {54E99870-7FCD-4505-BD37-E45D019736C6} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
    Task: {5BCCBE98-7713-4C86-93E6-53045AFD9257} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7302B047-4ECC-4E20-B9F2-AC40816F99AF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {89814BDA-90B4-491E-B1CC-6DCDEAAF1B81} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
    Task: {98DB44C6-3597-4037-9F32-775E174115FA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-15] (Microsoft Corporation)
    Task: {9A0C8628-E228-4F25-A96B-7D89F2757D05} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {9B04F447-F01E-4C4C-93CC-A96BD5465111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {9B8D610C-792D-4ECD-92B8-4C50D8C114E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {A697F0F6-0356-4061-8CA0-FFF840E433A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {AA51CC48-54E0-4083-A5FE-31E82462096C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {B3B0892B-775F-4334-AB31-88EF5F8D7145} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BEDACF5B-4F3D-4BD7-8962-FB516F0B7225} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {D4AB44BF-A871-447D-8BF9-52A3FFBB816B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {DFE4E667-80BF-43D8-8B62-0AFE273FB12D} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
    Task: {E8602AD6-9587-492C-B7C1-11D361C57FC4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E8A78500-1481-4EE5-BD6E-1386AFC1AF32} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FD751183-35A6-4003-8788-A257B837A8D9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Hinkle\Documents\hinkle\My Documents\Desktop\Home.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    ShortcutWithArgument: C:\Users\Hinkle\Documents\hinkle\My Documents\Desktop\Search.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_allsearch

    ==================== Loaded Modules (Whitelisted) ==============

    2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-23 00:48 - 2014-04-23 00:48 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    2015-07-15 20:38 - 2015-07-15 20:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2015-02-05 16:57 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-07-29 12:48 - 2015-07-29 12:48 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
    2016-04-26 13:30 - 2016-04-26 13:30 - 00367824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-15 20:04 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-12-15 20:04 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-15 20:04 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-09-17 14:49 - 2016-09-17 14:49 - 01864384 _____ () C:\Users\Hinkle\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2016-07-27 14:55 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-09-17 04:30 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-12-15 20:04 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-12 20:17 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-12 20:18 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-12 20:18 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-12 20:17 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-12 20:17 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-12 20:18 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-12-15 21:30 - 2016-12-15 21:31 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-12-15 21:30 - 2016-12-15 21:31 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-12-15 21:30 - 2016-12-15 21:31 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-12-15 21:30 - 2016-12-15 21:31 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
    2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2015-07-15 20:38 - 2015-07-15 20:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
    2016-12-16 17:32 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2016-12-16 17:32 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
    2016-12-12 15:52 - 2016-12-12 15:52 - 17833560 _____ () C:\Users\Hinkle\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2016-12-18 13:45 - 00002406 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2715429996-97748672-1472004195-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hinkle\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: DSAO => 2

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{D09E2FA5-7B07-479C-8E76-17CB1330FD10}] => C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{C19555D5-4EFD-4B1B-90F7-0CADEABE6DA1}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C2E8F6D4-3CA4-42A5-94A6-358D646EAB80}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7D13B547-B5BD-4E9B-8FA5-22328928750F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{54FEF99E-B3AF-40A7-ABD9-E00C9D537D84}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{56BA9BDD-831B-48DE-B955-23973A169CAE}] => C:\Users\Hinkle\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{309DD659-0315-4C44-B4E6-07463691AAF9}] => C:\Users\Hinkle\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{CA929A70-79BF-45C1-8326-ACF22760DE30}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{53C9EC08-932C-4311-9796-330C94CF8677}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
    FirewallRules: [{3B225986-3368-4941-BF2D-DCBF3B3FEE0E}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{3E38C699-1047-439F-BE8E-D6D9030BCCEE}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{8F632A2D-0FC0-446F-99E4-29E2B6FA11F0}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    15-12-2016 20:14:01 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/18/2016 01:59:24 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (12/18/2016 01:57:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/18/2016 01:49:24 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (12/18/2016 01:46:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/18/2016 01:40:27 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (12/18/2016 12:14:04 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (12/18/2016 12:11:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/18/2016 12:03:00 PM) (Source: Application) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (12/18/2016 12:01:59 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (12/18/2016 11:58:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (12/18/2016 01:59:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

    Error: (12/18/2016 01:56:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/18/2016 01:49:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

    Error: (12/18/2016 01:46:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/18/2016 12:11:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

    Error: (12/18/2016 12:10:45 PM) (Source: DCOM) (EventID: 10010) (User: BRENDA)
    Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

    Error: (12/18/2016 12:08:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/18/2016 12:08:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Amazon 1Button App Service service to connect.

    Error: (12/18/2016 12:04:56 PM) (Source: DCOM) (EventID: 10016) (User: BRENDA)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Brenda\Hinkle SID (S-1-5-21-2715429996-97748672-1472004195-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (12/18/2016 12:01:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


    ==================== Memory info ===========================

    Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
    Percentage of memory in use: 42%
    Total physical RAM: 5081.23 MB
    Available physical RAM: 2945.61 MB
    Total Virtual: 5913.23 MB
    Available Virtual: 3498.3 MB

    ==================== Drives ================================

    Drive c: (TI10700500A) (Fixed) (Total:687.32 GB) (Free:643.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  2. Tony D

    Adding - Kaspersky Total Security is installed on this machine.
    It reported that there is a rootkit. It’s in the Chrome extensions – those ending in background.js.
    I had Kaspersky remove it.
     
  3. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,483
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Startup entries
    Is it necessary to have WinPatrol run at startup?
    Yes, it's a valid entry... but what is gained from it?

    This can be run manually, it doesn't need to run at startup.
    How often does it actually find updates?

    Possible Conflict
    Kaspersky Total Security is running... which includes a 2 way firewall.
    Has the firewall been activated?
    The reason I ask is that the report is showing:
    If the KTS firewall is active, the 2 will conflict.

    Report Cleanup
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

    Double Check for Adware
    Because MBAM found a lot of Adware, let's run another check:

    Please download RogueKiller Anti-malware (Free) onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on RogueKiller Anti-malware to install the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Select Accept the User Agreement then continue to click Next then finally click Install
    • Click Finish.
    • When the program opens..... click Scan

    • Click Start Scan

    • Double check anything found and tick to select items to be removed

    • Click Remove Selected
    • When the items have been removed.... Click Open Report >> Open TXT.
    • Copy and paste that report into your next reply.

    In your next reply, please submit:
    Fixlog.txt
    RogueKiller report

    Also let me know if the KTS firewall was turned on.


    Thanks.
     

    Attached Files:

  4. Tony D

    Thank you,

    I'm waiting for an ESET on-line scan to complete. It's about 80% and no threats found so far.

    Yes, in the Kaspersky settings, I see the Kaspersky firewall is ON. The Windows Firewall Control Panel says the settings are being managed by Kaspersky Internet Security. Shouldn't that have turned off the Windows firewall? And Yes, I see that Windows Firewall is ON when I go to Windows Firewall Advanced Settings.

    Did I mention that the machine is slow to open applications like MS Word and Chrome?

    I'd like to finish the ESET scan before running the fixlist.txt. The ESET scan is not set to delete anything.
     
  5. starbuck

    Some 3rd party firewalls will turn the Windows firewall off, but not all.
    That's why a check is always recommended.

    Just that some applications were slow to open.

    That's fine.
     
  6. Tony D

    I typically install WinPatrol. It alerts the user of any changes to the startup. My thinking is that if WinPatrol pops up saying that there's a change in the startup, it gives the user a chance to Accept or Deny the change.

    Windows Firewall reports that it's ON and Kaspersky has control of it. I'm unable to turn Windows Firewall OFF.

    Here are the logs.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
    Ran by Hinkle (18-12-2016 16:39:02) Run:2
    Running from C:\Users\Hinkle\Desktop
    Loaded Profiles: Hinkle (Available Profiles: Hinkle)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
    SearchScopes: HKU\S-1-5-21-2715429996-97748672-1472004195-1001 -> {C894BFC2-6ADA-4422-BC2F-057A8C03777E} URL =
    2016-12-18 11:07 - 2016-12-18 13:44 - 00000000 ____D C:\Program Files (x86)\Amazon
    2016-12-18 11:07 - 2015-01-30 21:18 - 00000000 ____D C:\Program Files (x86)\iolo
    2016-12-18 11:07 - 2014-04-11 01:27 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
    C:\Users\Hinkle\AppData\Local\Temp\libeay32.dll
    C:\Users\Hinkle\AppData\Local\Temp\msvcr120.dll
    C:\Users\Hinkle\AppData\Local\Temp\sqlite3.dll
    Task: {07934540-0C41-415C-A24D-EFAEAF379A21} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0875E229-501E-4DCF-839A-992F10BADFCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {1321C9C5-D715-46A5-8A2C-60934624A70C} - \WPD\SqmUpload_S-1-5-21-2715429996-97748672-1472004195-1001 -> No File <==== ATTENTION
    Task: {23029F9A-C9D8-446F-9D2B-9CC0AC4918A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {23F18475-A323-4B8A-B28F-1FC83A34FD80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {379BBDA5-0E52-4F64-83E4-8E43ADD1838D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {5BCCBE98-7713-4C86-93E6-53045AFD9257} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A697F0F6-0356-4061-8CA0-FFF840E433A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B3B0892B-775F-4334-AB31-88EF5F8D7145} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {D4AB44BF-A871-447D-8BF9-52A3FFBB816B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E8602AD6-9587-492C-B7C1-11D361C57FC4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E8A78500-1481-4EE5-BD6E-1386AFC1AF32} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    FirewallRules: [{56BA9BDD-831B-48DE-B955-23973A169CAE}] => C:\Users\Hinkle\AppData\Local\Chromium\Application\chrome.exe
    C:\Users\Hinkle\AppData\Local\Chromium
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => key removed successfully
    HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
    "HKU\S-1-5-21-2715429996-97748672-1472004195-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C894BFC2-6ADA-4422-BC2F-057A8C03777E}" => key removed successfully
    HKCR\CLSID\{C894BFC2-6ADA-4422-BC2F-057A8C03777E} => key not found.
    C:\Program Files (x86)\Amazon => moved successfully
    C:\Program Files (x86)\iolo => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk => moved successfully
    C:\Users\Hinkle\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\Hinkle\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\Hinkle\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07934540-0C41-415C-A24D-EFAEAF379A21}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07934540-0C41-415C-A24D-EFAEAF379A21}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0875E229-501E-4DCF-839A-992F10BADFCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0875E229-501E-4DCF-839A-992F10BADFCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1321C9C5-D715-46A5-8A2C-60934624A70C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1321C9C5-D715-46A5-8A2C-60934624A70C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2715429996-97748672-1472004195-1001" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23029F9A-C9D8-446F-9D2B-9CC0AC4918A3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23029F9A-C9D8-446F-9D2B-9CC0AC4918A3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23F18475-A323-4B8A-B28F-1FC83A34FD80}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23F18475-A323-4B8A-B28F-1FC83A34FD80}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{379BBDA5-0E52-4F64-83E4-8E43ADD1838D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{379BBDA5-0E52-4F64-83E4-8E43ADD1838D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BCCBE98-7713-4C86-93E6-53045AFD9257}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BCCBE98-7713-4C86-93E6-53045AFD9257}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A697F0F6-0356-4061-8CA0-FFF840E433A2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A697F0F6-0356-4061-8CA0-FFF840E433A2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3B0892B-775F-4334-AB31-88EF5F8D7145}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3B0892B-775F-4334-AB31-88EF5F8D7145}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4AB44BF-A871-447D-8BF9-52A3FFBB816B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4AB44BF-A871-447D-8BF9-52A3FFBB816B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8602AD6-9587-492C-B7C1-11D361C57FC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8602AD6-9587-492C-B7C1-11D361C57FC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8A78500-1481-4EE5-BD6E-1386AFC1AF32}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A78500-1481-4EE5-BD6E-1386AFC1AF32}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56BA9BDD-831B-48DE-B955-23973A169CAE} => value removed successfully
    C:\Users\Hinkle\AppData\Local\Chromium => moved successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    "C:\Windows\System32\Drivers\etc\hosts" => Could not move.
    Could not restore Hosts.

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58319077 B
    Java, Flash, Steam htmlcache => 1862 B
    Windows/system/drivers => 27794999 B
    Edge => 139778 B
    Chrome => 654204775 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 7680 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 150916 B
    NetworkService => 0 B
    Hinkle => 61405741 B

    RecycleBin => 20039172 B
    EmptyTemp: => 784 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 16:40:06 ====

    RogueKiller V12.8.5.0 (x64) [Dec 12 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.14393) 64 bits version
    Started in : Normal mode
    User : Hinkle [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 12/18/2016 16:50:39 (Duration : 00:42:46)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2715429996-97748672-1472004195-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emails -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2715429996-97748672-1472004195-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emails -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2715429996-97748672-1472004195-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2715429996-97748672-1472004195-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cfb06467-c8e5-40e6-a518-359d131b3b3a} | DhcpNameServer : 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77 ([-][United States][-][United States][-]) -> Replaced ()

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 8 ¤¤¤
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"cfada041afdc4a11092a096cac66ab6a0945d92b" -> Deleted
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"2e9d53cc2b402b6e65aa9551308ca17a19c4721a" -> Deleted
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"34e8f5c0c9e5744bf2cdb514283762dd0524776b" -> Deleted
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"893e2a8f4b240ed6d7def79e56791067c96f41be" -> Deleted
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"cfada041afdc4a11092a096cac66ab6a0945d92b" -> Removed at reboot [2]
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"2e9d53cc2b402b6e65aa9551308ca17a19c4721a" -> Removed at reboot [2]
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"34e8f5c0c9e5744bf2cdb514283762dd0524776b" -> Removed at reboot [2]
    [PUP][File] C:\Users\Hinkle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk [LNK@] C:\Users\Hinkle\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"893e2a8f4b240ed6d7def79e56791067c96f41be" -> Removed at reboot [2]

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][Firefox:Config] 8ijiyumi.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restor...yD0DyDtAyDzz0CyD2QtN0A0LzutB&cr=380049710&ir="); -> Replaced (about:home)

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
    --- User ---
    [MBR] a84dd93b5b19931ceaddbccc47850486
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
    1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
    2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2566144 | Size: 703820 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1443991552 | Size: 830 MB
    5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1445691392 | Size: 9500 MB
    User = LL1 ... OK
    User = LL2 ... OK


    The FRST log said
    Here is the hosts file
    # unchecky_begin
    # These rules were added by the Unchecky program in order to block advertising software modules
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com
    0.0.0.0 cdn.bispd.com
    0.0.0.0 cdn.bisrv.com
    0.0.0.0 cdn.cdndp.com
    0.0.0.0 cdn.download.sweetpacks.com
    0.0.0.0 cdn.dpdownload.com
    0.0.0.0 cdn.visualbee.net
    # unchecky_end
     
  7. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,483
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    This is one of the reasons that I hate these so-called Total Security programs.
    They take control of everything.
    McAfee used to do this as well.
    With 2 firewalls running you can expect problems.... if KTS won't let you turn off the Windows Firewall, you have a bigger problem.

    With an ordinary AV installed I can see that this might help.
    But with all of this running........
    It seems like overkill to me.... but that's just my opinion.

    It's either KTS or Unchecky that is protecting the Hosts file then.
    The reason I added that command was that I've never seen a Hosts file look like this:
     
  8. Tony D

    Yikes!!

    What FRST sees in the hosts file is not what I see when I open it in NotePad. Wonder why that is.

    I didn't install the Kaspersky security. How does it rate these days? Looking at this instance where it hasn't turned off the Windows firewall, I assume it doesn't rank well.

    That said, do you think running two firewalls would cause something like MS Word to hang when starting? Actually MS Word seems to be opening faster now. So does Chrome. I think it might be good.

    Thanks again,
     
  9. starbuck

    With the version of Win10 that this system is running.... KTS doesn't fare very well.

    Kaspersky products have issues in Windows 10 Anniversary Update

    scroll down for KTS

    Have no idea, I've never seen that before.

    If the owner is intent on keeping KTS (I personally think that KAV is good enough) then I suggest....
    Remove KTS and get back control.
    Then turn off the firewall.... then reinstall KTS.
     
  10. Tony D

    What do you think about turning the Kaspersky firewall OFF and leaving the Windows firewall ON?
     
  11. starbuck

    Definitely worth a try.
    To be honest the Win10 firewall does a pretty good job.
     
  12. Tony D

    Once I turned the Kaspersky firewall OFF, I was able to then turn the Windows firewall OFF also. Seems this is because with the Kaspersky firewall OFF, it no longer locked the user out of controlling the Windows firewall. Then I turned the Kaspersky firewall back on.

    Ran FRST and it reported that both Kaspersky and Windows firewalls were Enabled.

    So I wondered why FRST is reporting the Windows FW is ON.
    Looking closer at the Windows Control Panel, it reports Windows Public Profile FW is ON, the Private Profile FW is OFF, the Domain Profile FW is ON.

    I turned off the Windows Public FW and now FRST is reporting the Windows FW is disabled and the Kaspersky FW is enabled.

    btw: the machine is running nicely.
     
    Last edited: Dec 19, 2016
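
Added example (not part of the original thread, and not FRST's own logic): a PowerShell check of the per-profile Windows Firewall state described in post 12, alongside the firewall products registered with Windows Security Center. It assumes Windows 8 or later with the built-in NetSecurity and NetConnection modules; the report layout and messages are this example's own.

```powershell
# Added example: Windows Firewall state per profile, plus registered firewall products.
# Assumes Windows 8 / Server 2012 or later (NetSecurity and NetConnection modules).

# Effective policy for the three profiles: Domain, Private, Public.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

# Network categories of the currently connected interfaces.
# The 'DomainAuthenticated' category corresponds to the 'Domain' firewall profile.
$inUse = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' }
    else { [string]$_.NetworkCategory }
} | Sort-Object -Unique)

# One row per profile: is it enabled, and is any connected network using it?
$report = foreach ($p in $profiles) {
    [pscustomobject]@{
        Profile = $p.Name
        Enabled = [string]$p.Enabled
        InUse   = $inUse -contains $p.Name
    }
}
$report | Format-Table -AutoSize

# A single on/off answer hides a mixed state, so spell it out.
$on = @($report | Where-Object { $_.Enabled -eq 'True' })
if ($on.Count -eq 0) {
    Write-Output 'Windows Firewall is off for all three profiles.'
} elseif ($on.Count -lt 3) {
    Write-Output ('Mixed state: Windows Firewall is on only for: ' +
                  (($on | ForEach-Object { $_.Profile }) -join ', '))
} else {
    Write-Output 'Windows Firewall is on for all three profiles.'
}

# Firewall products registered with Windows Security Center.
# This namespace exists on client editions of Windows, not on Server.
# productState is shown as the raw value; it is not decoded here.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName FirewallProduct `
    -ErrorAction SilentlyContinue |
    Select-Object displayName, productState |
    Format-Table -AutoSize
```

A profile that is enabled but not in use does not filter traffic on the current connection, so the InUse column shows which setting actually applies.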
  13. starbuck

    That's good :)

    Out of curiosity, did the Eset scan throw up anything?
     
  14. Tony D

    The ESET scan reported it was clean.
     
  15. starbuck

    So are there any problems with the system now?
     
  16. Tony D

    I don't think so. Seems good to me.

    You're the best!
     
  17. starbuck

    Ok.
    Thanks Tony.
     
