Starbuck

Hi Skyclad Then this is really confusing. The Desktop is always the preferred location for downloading our tools..... but not everyone follows our instructions properly. When I post the fix instructions I always copy the folder that FRST was run from.... from the report it self. This way there can be no problem with the fixlist being downloaded to the wrong folder. If you look at the 'header' on the reports, is clearly states: So FRST wasn't run from the Desktop. The report also bares this out: If you don't download to the Download folder.... how was FRST run from there? Have a look in the Download folder.... Click Start and then click on your user name..... A list of folders will come up. Double-click the downloads folder to open it.

Hi Skyclad, There's only a few orphan entries to remove. We may as well do that and cleanup some other bits. Ken's idea of trying another mouse sounds good, especially as there's nothing showing in the reports to suggest a problem. You can pick these up really cheap now. Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mike\Downloads. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply. Thanks fixlist.txt

Hi Skyclad, It's good to see you again. Just a couple of questions before we start... Is this a laptop or a desktop computer? Does this happen when just using browsers or does this happen when you're working offline? This may well not be caused through malware etc, but we'll take a look anyway. Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png When the tool opens click Yes to disclaimer. http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png Make sure that Addition.txt is selected at the bottom Press Scan button. http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also. In your next reply, please submit: Both reports from Frst and answer the couple of questions at the beginning. Thanks.

I see no reason to stop using it. I still have a win 7 system which I still use a few times a week. As long as you have good security installed and use common sense when on the internet, you shouldn't have any problem.

Glad to hear that Bob. I wish you a very Prosperous New Year.

Hi Bob, Try the solution in Post#6 https://www.tenforums.com/general-support/38451-copy-paste-problem-windows-wont-do.html

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 Ran by bob (26-12-2016 08:07:57) Running from C:\Users\bob\Downloads Windows 10 Pro Version 1607 (X64) (2016-11-07 15:48:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-962910320-1154512269-2272114608-500 - Administrator - Disabled) bob (S-1-5-21-962910320-1154512269-2272114608-1001 - Administrator - Enabled) => C:\Users\bob DefaultAccount (S-1-5-21-962910320-1154512269-2272114608-503 - Limited - Disabled) Guest (S-1-5-21-962910320-1154512269-2272114608-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-962910320-1154512269-2272114608-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: ESET NOD32 Antivirus 10.0.369.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET NOD32 Antivirus 10.0.369.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.7302 - BlueStack Systems, Inc.) Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - ) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.5.0.15 - ) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - ) Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.0.0.15 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - ) Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.0.5 - ) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.20.44 - ) Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - ) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - ) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.0.0.246 - ) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) ChromecastApp (HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden ESET NOD32 Antivirus (HKLM\...\{3E28A4F1-F5C8-46AD-862C-81EBA1536FA8}) (Version: 10.0.369.0 - ESET, spol. s r.o.) Google Photos Backup (HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan) Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.) RoboForm 7-9-25-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-25-5 - Siber Systems) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-962910320-1154512269-2272114608-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-962910320-1154512269-2272114608-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {13BC1EFB-43A0-4DD7-B73D-15E77F774339} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-17] (Dropbox, Inc.) Task: {3FC013E0-1C6B-48C5-A8CF-EAF2C6BD2054} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-17] (Dropbox, Inc.) Task: {418001CE-F544-45C5-B7C3-61D396A3CB2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {4535A12B-9D38-46FB-9B22-D040F471CE25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {6E35E5E4-6B6A-41F6-8F5A-1B4AB75336E4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMMMNJGMKMKMPMHMCNLMOJMJIMCNLMLMIMJMCNNJLJMMPMCNNJMJGMKMOMNJMJMMNMMJLMKMJNJICMIMCNGMCNNMKMFMOMOMCNKMIMJMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMMMMMPMJNHICMEKMICNJJCKJNBJCMNJAJNJJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 55 more characters). Task: {8CD67F38-64FF-4B79-8F8B-AA8B10C226E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.) Task: {8D1F8E01-295D-4D56-9704-67C6D03196E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-962910320-1154512269-2272114608-1001Core => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.) Task: {9056FEE9-4ED3-475A-BE02-22AEA597B646} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {91C1957F-6DE0-418A-AF86-C469EA5750DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {978CA28D-5E49-4EFF-B798-401F7F73C658} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.) Task: {9E80CE57-6E2E-42B9-B0C2-1E086A88230C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-12-17] (Siber Systems) Task: {C507B3DB-2880-498D-AF9B-F4DDD27B6DD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-962910320-1154512269-2272114608-1001UA => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.) Task: {EFDBD7A4-28F5-4DCD-ADD6-1EB0B7DD2C32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 16:19 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-11-07 15:41 - 2015-11-05 15:08 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-20 13:25 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-20 13:25 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-20 13:25 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2016-12-14 16:19 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-12-24 10:18 - 2016-12-24 10:18 - 01678560 _____ () C:\Users\bob\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll 2016-09-15 06:14 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-12-14 16:19 - 2016-12-09 09:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 08:52 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 08:52 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 08:52 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 08:52 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-09 08:52 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 08:52 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-06 16:41 - 2016-01-06 16:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll 2016-12-17 07:29 - 2016-11-11 20:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-12-17 07:29 - 2016-11-11 20:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-12-17 07:29 - 2016-11-11 20:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-12-17 07:29 - 2016-11-11 20:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-12-17 07:29 - 2016-11-11 20:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-12-22 07:36 - 2016-11-11 20:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-12-22 07:36 - 2016-11-11 20:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-12-22 07:36 - 2016-11-11 20:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-12-17 07:29 - 2016-11-11 20:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-12-22 07:36 - 2016-11-11 20:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-12-22 07:36 - 2016-11-11 20:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-12-17 07:29 - 2016-11-11 20:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-12-17 07:29 - 2016-11-11 20:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-12-17 07:29 - 2016-11-11 20:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-12-17 07:29 - 2016-11-11 20:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-12-17 07:29 - 2016-11-11 20:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-12-17 07:29 - 2016-11-11 20:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-12-17 07:29 - 2016-11-11 20:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-12-22 07:36 - 2016-11-11 20:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-12-22 07:36 - 2016-12-21 18:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-12-22 07:36 - 2016-12-03 08:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-12-22 07:36 - 2016-12-21 18:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-12-22 07:36 - 2016-12-21 18:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-12-17 07:29 - 2016-11-11 20:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-12-22 07:36 - 2016-11-11 20:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2016-12-22 07:36 - 2016-11-11 20:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-12-22 07:36 - 2016-12-21 18:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-12-17 07:29 - 2016-11-11 20:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-12-17 07:29 - 2016-12-21 18:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-12-22 07:36 - 2016-12-21 18:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-11-07 23:30 - 2016-11-07 23:29 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bob\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f9c428f2-1ec3-494f-979c-64cc56c75388}.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\StartupApproved\StartupFolder: => "irista Uploader.lnk" HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6149B5599A0AC9AD69526D827CBAE268" HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\StartupApproved\Run: => "Google Photos Backup" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{4369BE74-3F3D-4786-B04B-699E02EA5BAB}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 17-12-2016 08:21:41 Revo Uninstaller Pro's restore point - Google Chrome 17-12-2016 10:05:27 Revo Uninstaller Pro's restore point - Google Chrome 17-12-2016 10:28:43 Revo Uninstaller Pro's restore point - Google Chrome 17-12-2016 11:00:26 Revo Uninstaller Pro's restore point - Google Chrome 17-12-2016 14:39:46 Revo Uninstaller Pro's restore point - Google Chrome 18-12-2016 07:58:13 Revo Uninstaller Pro's restore point - Google Chrome 18-12-2016 08:00:16 Revo Uninstaller Pro's restore point - Mozilla Firefox 50.1.0 (x86 en-GB) 19-12-2016 15:47:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 20-12-2016 08:12:06 Revo Uninstaller Pro's restore point - Google Chrome Canary 20-12-2016 15:51:51 Revo Uninstaller Pro's restore point - I:*jpg 23-12-2016 08:17:11 Revo Uninstaller Pro's restore point - Clone Files Checker 23-12-2016 08:40:27 Revo Uninstaller Pro's restore point - lastpass 23-12-2016 11:27:46 Revo Uninstaller Pro's restore point - Duplicate Cleaner Free 3.2.7 24-12-2016 10:13:50 Revo Uninstaller Pro's restore point - I:" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2016 07:42:36 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:42:35 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:42:04 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:42:04 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:41:43 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:41:43 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:41:03 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:41:02 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:40:42 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 Error: (12/26/2016 07:40:41 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: The Software Protection service failed to start. 0x80070005 10.0.14393.351 System errors: ============= Error: (12/26/2016 08:05:36 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NHCG096) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user DESKTOP-NHCG096\bob SID (S-1-5-21-962910320-1154512269-2272114608-1001) from address LocalHost (Using LRPC) running in the application container LastPass.LastPass_3.0.0.100_neutral__qq0fmhteeht3j SID (S-1-15-2-1641168231-887382460-1035746133-776720615-3034281571-3630535909-3113139955). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2016 07:42:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:42:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:42:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:42:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:41:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:41:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:41:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:41:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. Error: (12/26/2016 07:40:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: Access is denied. CodeIntegrity: =================================== Date: 2016-12-26 07:38:35.936 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:38:35.932 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:38:35.927 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:38:35.921 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:35:17.061 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:35:17.056 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:35:17.052 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:35:17.003 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-12-26 07:21:36.368 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-26 07:21:36.332 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD FX™-6300 Six-Core Processor Percentage of memory in use: 31% Total physical RAM: 8172.61 MB Available physical RAM: 5583.74 MB Total Virtual: 16364.61 MB Available Virtual: 13725.24 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:223.03 GB) (Free:127.88 GB) NTFS Drive e: (everything) (Fixed) (Total:930.51 GB) (Free:917.04 GB) NTFS Drive f: (BOOT) (Fixed) (Total:119.35 GB) (Free:51.03 GB) NTFS Drive g: (D:) (Fixed) (Total:113.53 GB) (Free:93.12 GB) NTFS Drive h: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:1210.58 GB) NTFS Drive i: (black hdd) (Fixed) (Total:931.51 GB) (Free:2.46 GB) NTFS Drive j: (Tetra HDD) (Fixed) (Total:931.51 GB) (Free:266.32 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 9CAD2239) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (Size: 232.9 GB) (Disk ID: 85EE85EE) Partition 1: (Active) - (Size=119.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=113.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0E0722E0) Partition 1: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 3 (Size: 931.5 GB) (Disk ID: 0717E05F) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 1863 GB) (Disk ID: 72483040) Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7876AC00) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1029 KB) - (Type=0E) ==================== End of Addition.txt ============================

Reports from Bob: There is no sign of Scanguard in the reports...... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016 Ran by bob (administrator) on DESKTOP-NHCG096 (26-12-2016 08:07:19) Running from C:\Users\bob\Downloads Loaded Profiles: bob (Available Profiles: bob) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (LastPass) C:\Program Files\WindowsApps\LastPass.LastPass_3.0.0.100_neutral__qq0fmhteeht3j\lpwinmetro.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Farbar) C:\Users\bob\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\Run: [Google Update] => C:\Users\bob\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\Run: [Google Photos Backup] => C:\Users\bob\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\Run: [blueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1690248 2016-12-01] (BlueStack Systems, Inc.) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-17] (Siber Systems) HKU\S-1-5-21-962910320-1154512269-2272114608-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> none ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ef66ac54-98f2-4bfb-9442-39b7ee27cdcf}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-17] (Siber Systems Inc.) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-17] (Siber Systems Inc.) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-17] (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-17] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-962910320-1154512269-2272114608-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-17] (Siber Systems Inc.) Edge: ====== Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.8.1.0_neutral__c1wakc4j0nefm [2016-12-16] Edge Extension: (No Name) -> EdgeExtension_SiberSystemsIncRoboFormEdge_7kk3kr9e0p1np => C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_1.1.2.0_neutral__7kk3kr9e0p1np [2016-12-23] Edge Extension: (__MSG_appName__) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1608.26.0_neutral__343d40qqvtj1t [2016-12-01] FireFox: ======== FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-962910320-1154512269-2272114608-1001: @tools.google.com/Google Update;version=3 -> C:\Users\bob\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-962910320-1154512269-2272114608-1001: @tools.google.com/Google Update;version=9 -> C:\Users\bob\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-01] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-01] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-01] (BlueStack Systems, Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-17] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-17] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2815520 2016-10-11] (ESET) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-01] (BlueStack Systems) S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. ) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-21] (Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-01-21] (Disc Soft Ltd) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [232072 2016-10-07] (ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-07-20] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [177792 2016-10-07] (ESET) R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [67712 2016-10-07] (ESET) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] () R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-20] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-26] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-26] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-26] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 VUSBSTOR; C:\WINDOWS\System32\Drivers\vusbstor.sys [86064 2013-01-18] (VIA Technologies, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 08:06 - 2016-12-26 08:06 - 02420736 _____ (Farbar) C:\Users\bob\Downloads\FRST64 (1).exe 2016-12-26 07:38 - 2016-12-26 07:38 - 550149394 _____ C:\WINDOWS\MEMORY.DMP 2016-12-26 07:38 - 2016-12-26 07:38 - 00460932 _____ C:\WINDOWS\Minidump\122616-13109-01.dmp 2016-12-24 10:18 - 2016-12-24 10:18 - 00003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2016-12-24 07:45 - 2016-12-24 07:46 - 00006334 _____ C:\Users\bob\Documents\cc_20161224_074458.reg 2016-12-23 11:16 - 2016-12-23 11:16 - 05429944 _____ (DigitalVolcano Software Ltd) C:\Users\bob\Downloads\DuplicateCleaner_setup.exe 2016-12-23 09:02 - 2016-12-23 09:02 - 00044987 _____ C:\Users\bob\Downloads\invoice_BV25998438.pdf 2016-12-23 07:36 - 2016-12-23 07:36 - 00000000 _____ C:\Users\bob\AppData\Local\{6C01E54C-D4FD-4618-8A1D-95F984F1E487} 2016-12-23 07:34 - 2016-12-23 07:34 - 00000000 _____ C:\Users\bob\AppData\Local\{38942BC9-8EF4-4DA6-9EF9-2EA2EAB966F0} 2016-12-22 10:29 - 2016-12-22 10:29 - 02955720 _____ (SORCIM Technologies ) C:\Users\bob\Downloads\cfc_setup (1).exe 2016-12-22 07:54 - 2016-12-22 07:54 - 00000000 ____D C:\Users\bob\AppData\Local\Sorcim_Technologies 2016-12-22 07:50 - 2016-12-22 07:50 - 02955720 _____ (SORCIM Technologies ) C:\Users\bob\Downloads\cfc_setup.exe 2016-12-22 07:36 - 2016-12-22 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2016-12-21 16:24 - 2016-12-21 20:34 - 00000000 ____D C:\Users\bob\Downloads\searchmyfiles-x64 2016-12-21 16:23 - 2016-12-21 16:23 - 00138773 _____ C:\Users\bob\Downloads\searchmyfiles-x64.zip 2016-12-20 13:26 - 2016-12-26 07:38 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-12-20 13:26 - 2016-12-26 07:38 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2016-12-20 13:26 - 2016-12-26 07:38 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2016-12-20 13:26 - 2016-12-26 07:38 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-12-20 13:26 - 2016-12-20 13:26 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2016-12-20 13:25 - 2016-12-20 13:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-20 13:25 - 2016-12-20 13:25 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-20 13:25 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2016-12-20 13:24 - 2016-12-20 13:24 - 54199488 _____ (Malwarebytes ) C:\Users\bob\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2016-12-20 08:03 - 2016-12-20 08:03 - 01065376 _____ (Google Inc.) C:\Users\bob\Downloads\ChromeSetup (2).exe 2016-12-19 18:12 - 2016-12-19 18:12 - 00000000 ____D C:\Users\bob\AppData\Local\ESET 2016-12-19 15:59 - 2016-12-19 15:59 - 00000000 ____D C:\quardata 2016-12-19 15:47 - 2016-12-19 15:47 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-19 15:21 - 2016-12-19 15:21 - 00014840 _____ C:\Users\bob\Documents\cc_20161219_152113.reg 2016-12-17 15:16 - 2016-12-17 15:22 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-17 15:16 - 2016-12-17 15:22 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-17 15:14 - 2016-12-17 15:15 - 52143696 _____ (Google Inc.) C:\Users\bob\Downloads\_Getintopc.com_ChromeStandaloneSetup64.exe 2016-12-17 13:17 - 2016-12-17 13:17 - 00243424 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.1.0.exe 2016-12-17 11:06 - 2016-12-17 11:06 - 01065376 _____ (Google Inc.) C:\Users\bob\Downloads\ChromeSetup (1).exe 2016-12-17 10:24 - 2016-12-17 10:24 - 31990184 _____ (Google Inc.) C:\Users\bob\Downloads\22.0.1229.0_22.0.1229.0_chrome_installer (1).exe 2016-12-17 10:22 - 2016-12-17 10:22 - 31990184 _____ (Google Inc.) C:\Users\bob\Downloads\22.0.1229.0_22.0.1229.0_chrome_installer.exe 2016-12-17 09:13 - 2016-12-17 09:13 - 01065376 _____ (Google Inc.) C:\Users\bob\Downloads\ChromeSetup.exe 2016-12-17 07:49 - 2016-12-17 07:50 - 00486640 _____ (Google Inc.) C:\Users\bob\Downloads\google-chrome-0-3-154-9-beta-ChromeSetup.exe 2016-12-17 07:45 - 2016-12-26 07:39 - 00000000 ___RD C:\Users\bob\Dropbox 2016-12-17 07:45 - 2016-12-19 15:11 - 00001299 _____ C:\Users\bob\Desktop\Dropbox.lnk 2016-12-17 07:29 - 2016-12-22 07:36 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-12-17 07:29 - 2016-12-17 08:08 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-12-17 07:29 - 2016-12-17 08:08 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-12-17 07:29 - 2016-12-17 07:45 - 00000000 ____D C:\Users\bob\AppData\Local\Dropbox 2016-12-17 07:29 - 2016-12-17 07:34 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2016-12-17 07:29 - 2016-12-17 07:34 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2016-12-17 07:29 - 2016-12-17 07:29 - 00688536 _____ (Dropbox, Inc.) C:\Users\bob\Downloads\DropboxInstaller.exe 2016-12-17 07:29 - 2016-12-17 07:29 - 00000000 ____D C:\Users\bob\AppData\Roaming\Dropbox 2016-12-17 07:29 - 2016-12-17 07:29 - 00000000 ____D C:\ProgramData\Dropbox 2016-12-16 10:30 - 2016-12-16 10:30 - 01157656 _____ (Oracle Corporation) C:\Users\bob\Downloads\JavaUninstallTool (1).exe 2016-12-16 10:29 - 2016-12-16 10:29 - 01157656 _____ (Oracle Corporation) C:\Users\bob\Downloads\JavaUninstallTool.exe 2016-12-16 09:57 - 2016-12-16 09:57 - 00000486 _____ C:\Users\bob\Documents\cc_20161216_095726.reg 2016-12-15 11:42 - 2016-12-15 11:42 - 00163372 _____ C:\Users\bob\Documents\cc_20161215_114208.reg 2016-12-15 10:49 - 2016-12-15 10:49 - 06614880 _____ (Piriform Ltd) C:\Users\bob\Downloads\ccsetup525_pro.exe 2016-12-14 16:19 - 2016-12-09 10:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-12-14 16:19 - 2016-12-09 10:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-12-14 16:19 - 2016-12-09 10:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-12-14 16:19 - 2016-12-09 10:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-12-14 16:19 - 2016-12-09 10:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-12-14 16:19 - 2016-12-09 10:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-12-14 16:19 - 2016-12-09 10:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-12-14 16:19 - 2016-12-09 10:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 16:19 - 2016-12-09 10:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 16:19 - 2016-12-09 10:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-12-14 16:19 - 2016-12-09 10:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-12-14 16:19 - 2016-12-09 10:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 16:19 - 2016-12-09 10:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-12-14 16:19 - 2016-12-09 10:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 16:19 - 2016-12-09 10:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-12-14 16:19 - 2016-12-09 10:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-12-14 16:19 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-12-14 16:19 - 2016-12-09 10:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 16:19 - 2016-12-09 10:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-12-14 16:19 - 2016-12-09 10:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-12-14 16:19 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-12-14 16:19 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-12-14 16:19 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-12-14 16:19 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-12-14 16:19 - 2016-12-09 10:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-12-14 16:19 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-12-14 16:19 - 2016-12-09 10:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-12-14 16:19 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-12-14 16:19 - 2016-12-09 10:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-12-14 16:19 - 2016-12-09 10:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-12-14 16:19 - 2016-12-09 10:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-12-14 16:19 - 2016-12-09 10:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 16:19 - 2016-12-09 10:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2016-12-14 16:19 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-12-14 16:19 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-12-14 16:19 - 2016-12-09 10:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-12-14 16:19 - 2016-12-09 10:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2016-12-14 16:19 - 2016-12-09 09:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-12-14 16:19 - 2016-12-09 09:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-12-14 16:19 - 2016-12-09 09:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-12-14 16:19 - 2016-12-09 09:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-12-14 16:19 - 2016-12-09 09:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-12-14 16:19 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-12-14 16:19 - 2016-12-09 09:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2016-12-14 16:19 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-12-14 16:19 - 2016-12-09 09:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-12-14 16:19 - 2016-12-09 09:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-12-14 16:19 - 2016-12-09 09:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2016-12-14 16:19 - 2016-12-09 09:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-12-14 16:19 - 2016-12-09 09:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-12-14 16:19 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2016-12-14 16:19 - 2016-12-09 09:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-12-14 16:19 - 2016-12-09 09:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-12-14 16:19 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-12-14 16:19 - 2016-12-09 09:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-12-14 16:19 - 2016-12-09 09:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-12-14 16:19 - 2016-12-09 09:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-12-14 16:19 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 16:19 - 2016-12-09 09:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2016-12-14 16:19 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-12-14 16:19 - 2016-12-09 09:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2016-12-14 16:19 - 2016-12-09 09:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-12-14 16:19 - 2016-12-09 09:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-12-14 16:19 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-12-14 16:19 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll 2016-12-14 16:19 - 2016-12-09 09:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-12-14 16:19 - 2016-12-09 09:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-12-14 16:19 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-12-14 16:19 - 2016-12-09 09:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-12-14 16:19 - 2016-12-09 09:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-12-14 16:19 - 2016-12-09 09:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-12-14 16:19 - 2016-12-09 09:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-12-14 16:19 - 2016-12-09 09:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-12-14 16:19 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-12-14 16:19 - 2016-12-09 09:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-12-14 16:19 - 2016-12-09 09:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-12-14 16:19 - 2016-12-09 09:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 16:19 - 2016-12-09 09:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-12-14 16:19 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2016-12-14 16:19 - 2016-12-09 09:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-12-14 16:19 - 2016-12-09 09:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-12-14 16:19 - 2016-12-09 09:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll 2016-12-14 16:19 - 2016-12-09 09:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-12-14 16:19 - 2016-12-09 09:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-14 16:19 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-12-14 16:19 - 2016-12-09 09:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-12-14 16:19 - 2016-12-09 09:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-12-14 16:19 - 2016-12-09 09:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 16:19 - 2016-12-09 09:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-12-14 16:19 - 2016-12-09 09:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-12-14 16:19 - 2016-12-09 09:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2016-12-14 16:19 - 2016-12-09 09:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-12-14 16:19 - 2016-12-09 09:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2016-12-14 16:19 - 2016-12-09 09:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 16:19 - 2016-12-09 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-12-14 16:19 - 2016-12-09 09:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-12-14 16:19 - 2016-12-09 09:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-12-14 16:19 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-12-14 16:19 - 2016-12-09 09:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-12-14 16:19 - 2016-12-09 09:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-12-14 16:19 - 2016-12-09 09:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2016-12-14 16:19 - 2016-12-09 09:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-14 16:19 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-12-14 16:19 - 2016-12-09 09:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-12-14 16:19 - 2016-12-09 09:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2016-12-14 16:19 - 2016-12-09 09:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2016-12-14 16:19 - 2016-12-09 09:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-12-14 16:19 - 2016-12-09 09:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-12-14 16:19 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-12-14 16:19 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-12-14 16:19 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-12-14 16:19 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2016-12-14 16:19 - 2016-12-09 08:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-12-14 16:19 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2016-12-14 16:19 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-12-14 16:19 - 2016-09-15 16:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-12-13 15:04 - 2016-12-13 15:04 - 00001785 _____ C:\Users\bob\Downloads\QA9781407070810 (2).acsm 2016-12-13 15:02 - 2016-12-13 15:02 - 00001785 _____ C:\Users\bob\Downloads\QA9781407070810 (1).acsm 2016-12-13 07:39 - 2016-12-13 07:39 - 00001785 _____ C:\Users\bob\Downloads\QA9781407070810.acsm 2016-12-10 07:57 - 2016-11-11 10:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-12-10 07:57 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-12-10 07:57 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll 2016-12-10 07:57 - 2016-11-11 10:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2016-12-10 07:57 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-12-10 07:57 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2016-12-10 07:57 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-12-10 07:57 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-12-10 07:57 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-12-10 07:57 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-12-10 07:57 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll 2016-12-10 07:57 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2016-12-10 07:57 - 2016-11-11 10:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2016-12-10 07:57 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2016-12-10 07:57 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-12-10 07:57 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-12-10 07:57 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-12-10 07:57 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-12-10 07:57 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-12-10 07:57 - 2016-11-11 10:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-12-10 07:57 - 2016-11-11 10:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-12-10 07:57 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2016-12-10 07:57 - 2016-11-11 09:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-12-10 07:57 - 2016-11-11 09:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-12-10 07:57 - 2016-11-11 09:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-12-10 07:57 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-12-10 07:57 - 2016-11-11 09:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-12-10 07:57 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-12-10 07:57 - 2016-11-11 09:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2016-12-10 07:57 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll 2016-12-10 07:57 - 2016-11-11 09:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-12-10 07:57 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe 2016-12-10 07:57 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll 2016-12-10 07:57 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll 2016-12-10 07:57 - 2016-11-11 09:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2016-12-10 07:57 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2016-12-10 07:57 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-12-10 07:57 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-12-10 07:57 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-12-10 07:57 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-12-10 07:57 - 2016-11-11 09:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-12-10 07:57 - 2016-11-11 09:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-12-10 07:57 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe 2016-12-10 07:57 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2016-12-10 07:57 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2016-12-10 07:57 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll 2016-12-10 07:57 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys 2016-12-10 07:57 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe 2016-12-10 07:57 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-12-10 07:57 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-12-10 07:57 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2016-12-10 07:57 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2016-12-10 07:57 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2016-12-10 07:57 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-12-10 07:57 - 2016-11-11 09:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2016-12-10 07:57 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-12-10 07:57 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-12-10 07:57 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll 2016-12-10 07:57 - 2016-11-11 09:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-12-10 07:57 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe 2016-12-10 07:57 - 2016-11-11 09:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-12-10 07:57 - 2016-11-11 09:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-12-10 07:57 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2016-12-10 07:57 - 2016-11-11 09:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-12-10 07:57 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2016-12-10 07:57 - 2016-11-11 09:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-12-10 07:57 - 2016-11-11 09:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 2016-12-10 07:57 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2016-12-10 07:57 - 2016-11-11 09:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-12-10 07:57 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll 2016-12-10 07:57 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2016-12-10 07:57 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2016-12-10 07:57 - 2016-11-11 09:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-12-10 07:57 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll 2016-12-10 07:57 - 2016-11-11 09:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2016-12-10 07:57 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2016-12-10 07:57 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2016-12-10 07:57 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-12-10 07:57 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2016-12-10 07:57 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2016-12-10 07:57 - 2016-11-11 09:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-12-10 07:57 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll 2016-12-10 07:57 - 2016-11-11 09:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe 2016-12-10 07:57 - 2016-11-11 09:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-12-10 07:57 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-12-10 07:57 - 2016-11-11 09:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-12-10 07:57 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2016-12-10 07:57 - 2016-11-11 09:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll 2016-12-10 07:57 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-12-10 07:57 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll 2016-12-10 07:57 - 2016-11-11 09:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll 2016-12-10 07:57 - 2016-11-11 09:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-12-10 07:57 - 2016-11-11 09:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2016-12-10 07:57 - 2016-11-11 09:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-12-10 07:57 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2016-12-10 07:57 - 2016-11-11 09:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll 2016-12-10 07:57 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2016-12-10 07:57 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-12-10 07:57 - 2016-11-11 09:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-12-10 07:57 - 2016-11-11 09:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2016-12-10 07:57 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2016-12-10 07:57 - 2016-11-11 09:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2016-12-10 07:57 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2016-12-10 07:57 - 2016-11-11 09:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll 2016-12-10 07:57 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-12-10 07:57 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-12-10 07:57 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-12-10 07:57 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-12-10 07:57 - 2016-11-11 09:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-12-10 07:57 - 2016-11-11 09:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-12-10 07:57 - 2016-11-11 09:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-12-10 07:57 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2016-12-10 07:57 - 2016-11-11 09:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-12-10 07:57 - 2016-11-11 09:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2016-12-10 07:57 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-12-10 07:57 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-12-10 07:57 - 2016-11-11 09:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-12-10 07:57 - 2016-11-11 08:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-12-10 07:57 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-12-10 07:57 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-12-10 07:57 - 2016-11-11 07:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll 2016-12-10 07:57 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2016-12-10 07:57 - 2016-11-11 07:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2016-12-10 07:57 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2016-12-10 07:57 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2016-12-10 07:57 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-12-10 07:57 - 2016-11-11 07:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-12-10 07:57 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll 2016-12-10 07:57 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll 2016-12-10 07:57 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-12-10 07:57 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe 2016-12-10 07:57 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-12-10 07:57 - 2016-11-11 07:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-12-10 07:57 - 2016-11-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-12-10 07:57 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-12-10 07:57 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-12-10 07:57 - 2016-11-11 07:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2016-12-10 07:57 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-12-10 07:57 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-12-10 07:57 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-12-10 07:57 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2016-12-10 07:57 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2016-12-10 07:57 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-12-10 07:57 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll 2016-12-10 07:57 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-12-10 07:57 - 2016-11-11 07:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-12-10 07:57 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll 2016-12-10 07:57 - 2016-11-11 07:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-12-10 07:57 - 2016-11-11 07:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-12-10 07:57 - 2016-11-11 07:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-12-10 07:57 - 2016-11-11 07:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-12-10 07:57 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll 2016-12-10 07:57 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2016-12-10 07:57 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2016-12-10 07:57 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2016-12-10 07:57 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2016-12-10 07:57 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2016-12-10 07:57 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll 2016-12-10 07:57 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2016-12-10 07:57 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2016-12-10 07:57 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2016-12-10 07:57 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe 2016-12-10 07:57 - 2016-11-11 07:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-12-10 07:57 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2016-12-10 07:57 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-12-10 07:57 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll 2016-12-10 07:57 - 2016-11-11 07:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2016-12-10 07:57 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2016-12-10 07:57 - 2016-11-11 07:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-12-10 07:57 - 2016-11-11 07:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll 2016-12-10 07:57 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-12-10 07:57 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll 2016-12-10 07:57 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-12-10 07:57 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2016-12-10 07:57 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll 2016-12-10 07:57 - 2016-11-11 07:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-12-10 07:57 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2016-12-10 07:57 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2016-12-10 07:57 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-12-10 07:57 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll 2016-12-10 07:57 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll 2016-12-10 07:57 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-12-10 07:57 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2016-12-10 07:57 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll 2016-12-10 07:57 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-12-10 07:57 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-12-10 07:57 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2016-12-10 07:57 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-12-10 07:57 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-12-10 07:57 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-12-10 07:57 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-12-10 07:56 - 2016-11-11 09:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll 2016-12-10 07:56 - 2016-11-11 09:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-12-10 07:56 - 2016-11-11 09:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-12-10 07:56 - 2016-11-11 09:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-12-10 07:56 - 2016-11-11 09:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll 2016-12-10 07:56 - 2016-11-11 09:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-12-10 07:56 - 2016-11-11 09:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-12-10 07:56 - 2016-11-11 09:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2016-12-10 07:56 - 2016-11-11 09:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-12-10 07:56 - 2016-11-11 09:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2016-12-10 07:56 - 2016-11-11 09:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-12-10 07:56 - 2016-11-11 09:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe 2016-12-10 07:56 - 2016-11-11 09:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-12-10 07:56 - 2016-11-11 09:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll 2016-12-10 07:56 - 2016-11-11 09:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2016-12-10 07:56 - 2016-11-11 09:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2016-12-10 07:56 - 2016-11-11 09:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-12-10 07:56 - 2016-11-11 09:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-12-10 07:56 - 2016-11-11 09:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-12-10 07:56 - 2016-11-11 08:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2016-12-10 07:56 - 2016-11-11 08:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2016-12-10 07:56 - 2016-11-11 08:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2016-12-10 07:56 - 2016-11-11 07:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-12-10 07:56 - 2016-11-11 07:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe 2016-12-10 07:56 - 2016-11-11 07:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe 2016-12-10 07:56 - 2016-11-11 07:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-12-10 07:56 - 2016-11-11 07:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe 2016-12-10 07:56 - 2016-11-11 07:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2016-12-10 07:56 - 2016-11-11 07:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll 2016-12-10 07:56 - 2016-11-11 07:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-12-09 10:48 - 2016-12-14 15:28 - 00000000 ____D C:\ProgramData\Screentime 2016-12-09 10:48 - 2016-12-09 10:48 - 00674280 _____ (ScreenTime Media) C:\WINDOWS\system32\3169437.scr 2016-12-09 10:47 - 2016-12-09 10:48 - 00000000 ____D C:\Users\bob\AppData\Local\Screentime 2016-12-09 10:47 - 2016-12-09 10:47 - 06461781 _____ (ScreenTime Media) C:\Users\bob\Downloads\homecoming_3169437.exe 2016-12-08 08:16 - 2016-12-08 08:16 - 00002117 _____ C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk 2016-12-08 08:15 - 2016-12-08 08:15 - 02190552 _____ C:\Users\bob\Downloads\appmanagersetup_2.0_b4_292 (1).exe 2016-12-07 16:02 - 2016-12-07 16:01 - 00052780 _____ C:\Users\bob\Documents\IMG_0140-01.jpeg 2016-12-05 20:07 - 2016-12-21 18:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2016-12-04 15:14 - 2016-12-04 15:15 - 330796920 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_6e0d254faf9ea238c6c0b4e0ccdb44f9 (1).exe 2016-12-04 14:58 - 2016-12-04 15:15 - 00000000 ____D C:\Users\bob\AppData\Local\Bluestacks 2016-12-04 14:58 - 2016-12-04 14:58 - 00001644 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2016-12-04 14:58 - 2016-12-04 14:58 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk 2016-12-04 14:57 - 2016-12-04 14:58 - 00000000 ____D C:\Program Files (x86)\Bluestacks 2016-12-04 14:57 - 2016-12-01 15:48 - 00000000 ____D C:\ProgramData\Bluestacks 2016-12-04 14:56 - 2016-12-04 14:57 - 330796920 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_6e0d254faf9ea238c6c0b4e0ccdb44f9.exe 2016-12-04 14:26 - 2016-12-04 14:27 - 330796920 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_d9d0290d850fe8e7fdb0b1fc319e9a09.exe 2016-12-04 10:44 - 2016-12-04 10:44 - 00000837 _____ C:\Users\Public\Desktop\Speccy.lnk 2016-12-04 10:44 - 2016-12-04 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-12-04 10:44 - 2016-12-04 10:44 - 00000000 ____D C:\Program Files\Speccy 2016-12-04 10:43 - 2016-12-04 10:43 - 06293184 _____ (Piriform Ltd) C:\Users\bob\Downloads\spsetup130.exe 2016-12-02 14:43 - 2016-12-02 15:06 - 24645269 _____ C:\Users\bob\Downloads\Snapseed_1.6.0.apk 2016-12-01 15:12 - 2016-12-01 15:14 - 330943144 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_32f85a92bc09e3d8117f5634336a3103.exe 2016-12-01 11:19 - 2016-12-01 11:19 - 00000063 _____ C:\Users\bob\Desktop\10 best things.txt 2016-12-01 09:52 - 2016-12-01 09:52 - 00243464 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.0.2 (1).exe 2016-12-01 09:50 - 2016-12-01 09:50 - 00243464 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.0.2.exe 2016-12-01 08:24 - 2016-12-01 08:24 - 00001783 _____ C:\Users\bob\Downloads\OpentheCageMurphy9781448170050 (2).acsm 2016-12-01 08:23 - 2016-12-01 08:23 - 00001783 _____ C:\Users\bob\Downloads\OpentheCageMurphy9781448170050 (1).acsm 2016-12-01 08:22 - 2016-12-01 08:22 - 00001783 _____ C:\Users\bob\Downloads\OpentheCageMurphy9781448170050.acsm 2016-11-30 16:24 - 2016-12-20 10:10 - 00000000 ____D C:\Users\bob\AppData\Local\Troubleshooter 2016-11-30 15:51 - 2016-11-30 15:52 - 330943144 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_895b04e7b969f8a760ca803ee048afa1 (2).exe 2016-11-30 13:40 - 2016-11-30 13:42 - 330943144 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_895b04e7b969f8a760ca803ee048afa1 (1).exe 2016-11-30 13:40 - 2016-11-23 13:37 - 00000570 _____ C:\Users\bob\AppData\Local\TroubleshooterConfig.json 2016-11-30 13:37 - 2016-11-30 13:38 - 330943144 _____ (BlueStack Systems Inc.) C:\Users\bob\Downloads\BlueStacks2_native_895b04e7b969f8a760ca803ee048afa1.exe 2016-11-30 08:18 - 2016-11-30 08:18 - 00000000 ____D C:\Users\bob\AppData\Local\ElevatedDiagnostics 2016-11-30 07:58 - 2016-11-30 07:58 - 00243520 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.0.1 (3).exe 2016-11-30 07:55 - 2016-11-30 07:55 - 00243520 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.0.1 (2).exe 2016-11-30 07:34 - 2016-11-30 07:34 - 00000000 ____D C:\Users\bob\Desktop\Old Firefox Data 2016-11-29 09:38 - 2016-11-29 09:38 - 00243520 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.0.1 (1).exe 2016-11-29 09:34 - 2016-12-18 07:30 - 00000000 ____D C:\Users\bob\AppData\LocalLow\Mozilla 2016-11-29 09:33 - 2016-12-18 08:01 - 00000000 ____D C:\Users\bob\AppData\Local\Mozilla 2016-11-29 09:33 - 2016-11-29 09:33 - 00243520 _____ C:\Users\bob\Downloads\Firefox Setup Stub 50.0.1.exe 2016-11-27 14:31 - 2016-11-27 14:31 - 00203928 _____ C:\Users\bob\Downloads\VideostreamNetworkRepair (2).exe 2016-11-27 14:29 - 2016-11-27 14:29 - 00203928 _____ C:\Users\bob\Downloads\VideostreamNetworkRepair (1).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 08:07 - 2016-10-21 10:53 - 00014876 _____ C:\Users\bob\Downloads\FRST.txt 2016-12-26 08:07 - 2016-10-21 10:53 - 00000000 ____D C:\FRST 2016-12-26 07:56 - 2016-11-07 23:29 - 00000000 ____D C:\WINDOWS\INF 2016-12-26 07:43 - 2016-11-07 15:49 - 02108718 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-12-26 07:42 - 2016-11-09 14:01 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1159A946-D4F8-4A96-BB4A-0473EDAD75E9} 2016-12-26 07:38 - 2016-11-09 08:32 - 00000000 ____D C:\WINDOWS\Minidump 2016-12-26 07:38 - 2016-11-07 15:43 - 00000000 ____D C:\Users\bob 2016-12-26 07:38 - 2016-11-07 15:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-26 07:38 - 2016-11-07 15:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-26 07:34 - 2016-11-07 23:25 - 03670016 _____ C:\WINDOWS\system32\config\BBI 2016-12-26 07:21 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-12-25 07:30 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-24 10:19 - 2016-01-21 21:58 - 00000000 ___RD C:\Users\bob\OneDrive 2016-12-24 10:18 - 2016-11-07 15:52 - 00002357 _____ C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-12-24 07:29 - 2016-11-07 23:30 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-21 15:29 - 2016-11-07 15:50 - 00000000 ____D C:\Users\bob\AppData\Local\Packages 2016-12-20 10:06 - 2016-11-11 15:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-12-20 09:32 - 2016-11-07 23:25 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-12-20 08:14 - 2016-11-08 10:47 - 00000000 ____D C:\Users\bob\AppData\Local\Google 2016-12-20 08:09 - 2016-11-09 13:55 - 00001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2016-12-20 08:09 - 2016-11-09 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2016-12-19 15:17 - 2016-10-01 10:38 - 00000000 ___RD C:\Users\bob\Desktop\Image Transfer 2016-12-18 15:42 - 2016-11-17 14:55 - 00000000 ____D C:\Users\bob\Desktop\RIGHT 2016-12-18 08:01 - 2016-11-11 15:46 - 00000000 ____D C:\Users\bob\AppData\Roaming\Mozilla 2016-12-18 08:00 - 2016-11-08 10:47 - 00000000 ____D C:\Program Files (x86)\Google 2016-12-17 07:31 - 2016-11-07 15:50 - 00000000 ____D C:\Users\bob\AppData\Local\VirtualStore 2016-12-17 07:27 - 2016-11-08 07:40 - 00004218 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm 2016-12-17 07:27 - 2016-11-08 07:40 - 00003588 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon 2016-12-17 07:26 - 2016-11-08 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2016-12-17 07:18 - 2016-11-09 17:18 - 00003672 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-962910320-1154512269-2272114608-1001UA 2016-12-17 07:18 - 2016-11-09 17:18 - 00003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-962910320-1154512269-2272114608-1001Core 2016-12-16 11:39 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\rescache 2016-12-16 09:52 - 2016-10-09 13:06 - 00000000 ___RD C:\Users\bob\Desktop\desk tidy 2016-12-16 08:53 - 2016-11-09 13:55 - 00040984 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys 2016-12-15 10:50 - 2016-11-19 15:20 - 00000000 ____D C:\Program Files\CCleaner 2016-12-15 10:49 - 2016-11-19 15:20 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-12-15 08:48 - 2016-11-07 15:40 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-15 08:47 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-12-15 08:17 - 2016-11-07 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-15 08:14 - 2016-11-07 17:12 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-12-15 08:13 - 2016-11-07 17:12 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-12-11 23:56 - 2016-11-07 23:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-11 23:56 - 2016-11-07 23:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-11 09:27 - 2016-11-17 11:04 - 00000000 ____D C:\Users\bob\Desktop\LEFT 2016-12-10 08:15 - 2016-01-21 21:57 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-12-10 08:12 - 2016-11-07 23:30 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-12-10 08:12 - 2016-11-07 23:25 - 00000000 ____D C:\WINDOWS\servicing 2016-12-10 07:53 - 2016-07-16 11:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2016-12-08 08:18 - 2016-01-29 17:12 - 00000000 ____D C:\Users\bob\Documents\My Filehippo Downloads 2016-12-04 14:58 - 2016-11-07 23:30 - 00000000 __RHD C:\Users\Public\Libraries 2016-11-29 08:14 - 2016-11-23 09:56 - 00002500 ____H C:\Users\bob\Desktop\ZbThumbnail.info ==================== Files in the root of some directories ======= 2016-11-20 15:19 - 2016-11-20 15:19 - 0005120 _____ () C:\Users\bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-11-30 13:40 - 2016-11-23 13:37 - 0000570 _____ () C:\Users\bob\AppData\Local\TroubleshooterConfig.json 2016-12-23 07:34 - 2016-12-23 07:34 - 0000000 _____ () C:\Users\bob\AppData\Local\{38942BC9-8EF4-4DA6-9EF9-2EA2EAB966F0} 2016-12-23 07:36 - 2016-12-23 07:36 - 0000000 _____ () C:\Users\bob\AppData\Local\{6C01E54C-D4FD-4618-8A1D-95F984F1E487} 2016-11-07 15:41 - 2016-11-07 15:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-22 17:46 ==================== End of FRST.txt ============================

Hi Bob, Have a look in the uninstall list for: Scanguard PC Healthboost If there, uninstall both. Sometimes the Scanguard listing is hidden.... just to make it harder to remove. if this is the case... open File Explorer then click on the C drive .... there should be a Scanguard folder in either the Program Files folder or the Program Files (86) folder. Open the Scanguard folder and look for the uninstall file and click this. If none of these options works, we can do this manually: Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png When the tool opens click Yes to disclaimer. http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png Make sure that Addition.txt is selected at the bottom Press Scan button. http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also. Thanks

Hi pitfall Ray has had similar problems with his Win updates on Win8. He found a solution that may or may not work for you. Take a look..... http://extremetech.support/threads/17457-Also-cant-fix-stuck-on-updates?p=114748&viewfull=1#post114748

Thanks for the update Ray. Your solution may well help some other members, so thanks for sharing. Thank you. I wish you and your family a great Xmas and a prosperous New Year as well.

Hi Ray, Yes the site is searchable. The search box should be at the top left of the screen. But to narrow down the search you would need to be specific about the search terms. Searching for 'Windows Updates' pulls up 20 pages of threads.

Sorry joddle I have no experience with these tablets. (I'm an android man :) ) Hopefully someone else will be able to help you.

Hi George Sorry to ask the obvious, but have you re-entered your router wifi details again after the factory reset?

Ken is correct in what he says. Just because IE is installed, it doesn't mean that you have to use it. Just set Chrome as your default browser and forget about IE.

Ok, ONY i understand.

Have to say that My WOT throws up a big warning if I click the link you posted JB.... so I've killed the link for member safety. I use Firefox and have uBlock Origin installed as an extension. uBlock Origin is NOT an "ad blocker" as such: it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites. It blocks a lot of rubbish.... maybe this is why I don't get this page come up when I log in.

What do you mean by this? Hope you didn't run a registry cleaner/optimizer!!

Hi ONY Did JRT remove those files in the end?

No login problems here ... using FF

Hi pitfall To be honest, my Win8.1 system is exactly the same. I have one hell of a job trying to get the updates. I've tried allsorts, but nothing seems to improve it. By all means go through the steps in the link below .... hopefully something may work for you. Ultimate Guide: Fix Windows Update Errors in Window 8.1 and Windows 8 Makes you wonder if M$ are messing with this so that everyone will upgrade their systems.

:jaw: You might want to read these posts of mine Ray... What are PuP's (Adware) How to avoid potentially unwanted programs

Story of my life :)

Brazen desktop locker campaign uses social media info to make its threat more compelling to victims. A newly discovered form of ransomware scrapes the social media accounts and local files of victims in order to tailor a customised demand, and threatens court action if it isn't paid. Dubbed 'Ransoc' by cybersecurity researchers at Proofpoint due to its connection with social media including Facebook, LinkedIn, and Skype, this ransomware represents yet another evolution of the malicious software which has boomed during 2016. It isn't the first ransomware variant to use social engineering in an attempt to scare the victim into paying up, but Ransoc is unique in how it attempts to turn the users' files against them -- especially if illegally downloaded files are on the system. Perhaps because it focuses on exploiting this fear, Ransoc doesn't encrypt the victims' files in the same way as ransomware like Locky does, but rather makes its demands via the desktop or browser after infecting the system through malvertising traffic aimed at Internet Explorer on Windows and Safari on OS X. http://img.photobucket.com/albums/v708/starbuck50/new/Ransoc-browser-locker_zps1yawpglw.png Ransoc browser locker It might appear basic or dated compared to more sophisticated forms of ransomware -- desktop locking malware saw its heyday between 2012 and 2014 -- but Ransoc is built to search the victim's hard drive and social media accounts for data to use in its scheme. That data will then be used to tailor a ransom note featuring images from their Facebook and LinkedIn accounts disguised as a threat of legal action against the victim http://img.photobucket.com/albums/v708/starbuck50/new/Ransoc-desktop-locker_zpsrysnabkx.png Indeed, Proofpoint researchers discovered one variant of the penalty notice is only displayed when Ransoc suspects the victim has files containing illegal images or media files downloaded via torrents. In this case, Ransoc threatens the victim into paying a fine, or face the risk of any files being made public in a court case. Ultimately, Ransoc is preying on the victim's reputation rather than their files. Unlike the majority of ransomware schemes, which now demand payments in the untracable Bitcoin cryptocurrency, those behind Ransoc have opted to make victims pay with their credit card. http://img.photobucket.com/albums/v708/starbuck50/new/ransoc-6_zpsbyjovehd.png Ransoc demands a payment via credit card, not Bitcoin. To encourage payment, the actors behind Ransoc say they'll send the money back if the victim isn't caught again in 180 days -- but obviously the money never returns. How to remove the Ransoc desktop locker Ransoc checks every 100ms if the user has started applications such as Task Manager, RegEdit, and MSConfig, and kills the processes before the user can remove the ransom note from his screen. Users infected with Ransoc may be happy to hear that there's a way to remove the desktop locker and regain access to their PC. All they have to do is to reboot the PC in Safe Mode and find and remove a Windows Registry keys that allow the ransomware to start with every PC boot. The registry key is: The registry key value that Proofpoint saw in active Ransoc installs was a shortcut file named JavaErrorHandler.lnk. A victim can also look at the properties of this shortcut file to determine what malware executable it is pointing to. You can then use this information delete the executable associated with Ransoc. Source: http://www.zdnet.com/article/this-ransomware-uses-your-social-media-profiles-to-personalise-its-ransom-demand/ http://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/

For those of you who've avoided upgrading to Windows 10 so far, Microsoft has offered some scary ransomware numbers to prove it's in your interests to do so. http://img.photobucket.com/albums/v708/starbuck50/microsoftransomware770x476_zpsngtuqkmo.png Microsoft's data shows Windows 10 devices have fewer ransomware encounters than Windows 7 devices. If you want to escape the clutches of ransomware, the best thing you can do is install the Windows 10 Anniversary Update, according to Microsoft. Microsoft says there's been a 400 percent rise in ransomware encounters affecting Windows since 2015, but older versions of Windows are more exposed to it and more prone to actual infection after an encounter. Microsoft says it has "made Windows 10 Anniversary Update the most secure Windows ever". Devices on Windows 10 are 58 percent less likely to run into ransomware than Windows 7, Microsoft argues in a new white paper detailing in-built defenses against the extortion-ware. Ransomware arrives either through email or the browser, both of which Microsoft has battened down in Windows 10. In July, Microsoft counted 58 million attempts to use email to infect customers with ransomware, while its SmartScreen Filter blocks on average 200,000 automated attacks over the web from so-called exploit kits that deliver ransomware, according to Microsoft. Better overall security has been one of Microsoft's main arguments for users to upgrade to Windows 10, but the company highlights a number of additional security improvements unique to the Anniversary Update. Microsoft hopes better protection from ransomware motivates Windows 7 users to upgrade even though it now costs $120 to do so, after its free update period expired in August. Edge on the Anniversary Update works to prevent exploits from downloading and running malware, such as ransomware, on the device, Microsoft says. In other words, if hackers find the first zero-day exploit for Edge, it will still be difficult to run malware on the compromised device. Edge now also places Adobe's frequently-targeted Flash Player in an application container to shield attacks on it from having an effect on the browser itself. Microsoft has in addition added new protections for the Windows kernel to prevent attacks on Edge reaching the core of Windows. "In the Windows 10 Anniversary Update, we limited the ways in which system calls can be used by Microsoft Edge, which increases the likelihood that a successful Microsoft Edge exploit will not escape the browser's sandbox and harm the rest of the system, including your important data," Microsoft notes. Windows Defender has also been upgraded over the past six months, in particular in blocking and analyzing malicious attachments. According to Microsoft, it's reduced Windows Defender's miss rate "considerably" and so improved its ability to protect inboxes. Microsoft doesn't quantify how much it's improved, but Windows Defender hasn't always performed well in tests by antivirus testing firm AV-Test. Russian antivirus firm Kaspersky drew attention to Windows Defender results in a complaint to Russia's competition authority over Microsoft allegedly giving preference to Windows Defender over superior rival security products. Microsoft says Windows Defender is now faster at responding to previously unseen malware and that it doesn't need a definition for each piece of malware to react. This capability was enabled with a feature called Block at First Sight, introduced with the Windows 10 Anniversary Update. "By improving these behavioral heuristics, we more effectively protect against ransomware, blocking 15 percent of ransomware threats detected in July 2016 this way. The remaining 85 percent were blocked using traditional signatures and cloud-based protection," Microsoft says. Source: http://www.zdnet.com/article/microsoft-windows-7-is-way-more-exposed-to-ransomware-than-windows-10/