
Thread: Slow boot and browsing - help requested

  1. #1
    Junior Member | Join Date: Aug 2016 | Location: Winston-Salem | Posts: 8


    Hello,

    Thanks in advance for all help provided. I've already reduced my Startup programs from 17 to 2, but am still having speed issues. Farbar and aswMBR logs follow.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-08-2016
    Ran by Joel (administrator) on DELL-XPS410 (17-08-2016 18:17:11)
    Running from C:\Users\Joel\Desktop
    Loaded Profiles: Joel & (Available Profiles: Joel)
    Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Two Pilots) C:\Windows\VPDAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\D-Link\DWA-566\ANIWConnService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (The Neat Company) C:\Program Files\Neat\exec\NeatStartupService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    Failed to access process -> GenieTimelineService.exe
    () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google Inc.) C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe
    (© 2015 Microsoft Corporation) C:\Users\Joel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (brother) C:\Program Files\Brownie\BrStsWnd.exe
    (Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
    (Microsoft Corporation) C:\Windows\SystemApps\InsiderHub_cw5n1h2txyewy\PilotshubApp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Genie9) C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
    Failed to access process -> GenieTimelineService.exe
    (Microsoft Corporation) C:\Windows\System32\WerFault.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wermgr.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
    HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2369728 2014-07-15] (Microsoft Corp.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [Brdefprn] => C:\Program Files\Brother\BRHL2070\Brdefprn.exe [45056 2009-07-08] ()
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2015-09-03] ()
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\Run: [B70C978E0D8686DFA1B56EEE8DDD560C8E84B941._service_run] => C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\Run: [GoogleChromeAutoLaunch_0F9F0B6353EE033798AF90928A2DFDFC] => C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\Run: [Google Update] => C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\Run: [BingSvc] => C:\Users\Joel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-23] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\RunOnce: [BrStsWnd.exe] => C:\Program Files\Brownie\BrStsWnd.exe [3618104 2009-08-19] (brother)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [B70C978E0D8686DFA1B56EEE8DDD560C8E84B941._service_run] => C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_0F9F0B6353EE033798AF90928A2DFDFC] => C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Joel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-23] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [BrStsWnd.exe] => C:\Program Files\Brownie\BrStsWnd.exe [3618104 2009-08-19] (brother)
    ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-763783208-265182315-1340191871-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    AutoConfigURL: [S-1-5-21-763783208-265182315-1340191871-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    ProxyServer: [S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
    AutoConfigURL: [S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1e100f08-e298-4017-a21d-d06662f7b294}: [NameServer] 4.2.2.3,4.2.2.4,192.168.1.1
    Tcpip\..\Interfaces\{1e100f08-e298-4017-a21d-d06662f7b294}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8454cb08-e1f0-4bb3-b611-a780048fe593}: [NameServer] 216.146.36.36,216.146.35.35,
    Tcpip\..\Interfaces\{8454cb08-e1f0-4bb3-b611-a780048fe593}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.routerlogin.net/start.htm
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.routerlogin.net/start.htm
    SearchScopes: HKU\S-1-5-21-763783208-265182315-1340191871-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5EDF&PC=SL5E&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5EDF&PC=SL5E&q={searchTerms}&src=IE-SearchBox
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\55brkx20.default-1457192566689
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-763783208-265182315-1340191871-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin HKU\S-1-5-21-763783208-265182315-1340191871-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin HKU\S-1-5-21-763783208-265182315-1340191871-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll [2012-08-06] (Amazon.com, Inc.)
    FF Plugin HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll [2012-08-06] (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Joel\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-28] (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\Joel\AppData\Roaming\mozilla\plugins\NPShipRush_FedEx.dll [2013-08-03] (Z-Firm LLC)
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-07-17] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-07-17] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-07-17] [not signed]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-07-26]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.google.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (ShipRush FedEx) - C:\Users\Joel\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll (Z-Firm LLC)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
    CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Google Update) - C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
    CHR Profile: C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Add to Amazon Wish List) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-06-06]
    CHR Extension: (Google Search) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (WMP FOR CHROME) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjgndfecgdkbhdpdmklohmbjodjnpna [2013-10-04]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-04]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-01-28]
    CHR Extension: (iCloud Dashboard) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2016-08-01]
    CHR Extension: (Read Mode) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagcaahojecfeopbghgihcabgiepploa [2016-03-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
    CHR Extension: (Gmail) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-17]
    StartMenuInternet: Google Chrome.GOZWLDCQ54RPST2O2TC7RIUU3I - C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Agent; C:\Windows\VPDAgent.exe [192512 2014-05-20] (Two Pilots) [File not signed]
    S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-07-15] (Microsoft Corp.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1958648 2016-03-10] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [185080 2016-03-10] (Dell Inc.)
    R2 D_Link_DWA-566_WPS; C:\Program Files\D-Link\DWA-566\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
    S2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-01-15] (Macrovision Europe Ltd.) [File not signed]
    R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [314944 2014-06-18] (Genie9)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-06-14] (NVIDIA Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 Neat Startup Service; C:\Program Files\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
    S3 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2015-08-26] (NETGEAR)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-06-14] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-06-14] (NVIDIA Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
    S2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-30] (Microsoft Corporation)
    R2 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [73216 2011-08-29] (Highresolution Enterprises) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 anodlwf; C:\WINDOWS\System32\DRIVERS\anodlwf.sys [12800 2010-05-29] () [File not signed]
    R3 athr; C:\WINDOWS\system32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
    R3 ATIAVPCI; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [813696 2008-05-15] (ATI Technologies Inc.)
    S3 AtiDCM; C:\dell\drivers\R154877_TV_Tuner\Bin\atidcmxx.sys [20480 2007-04-12] (ATI Technologies Inc.) [File not signed]
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver32Dcsa.sys [29400 2016-01-05] (Dell Computer Corporation)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [22192 2016-01-05] (Dell Computer Corporation)
    R3 e1express; C:\WINDOWS\system32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-16] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
    R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2016-04-08] (CACE Technologies, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-06-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
    S3 torguardtap0901; C:\WINDOWS\System32\DRIVERS\torguardtap0901.sys [34464 2015-11-10] (The OpenVPN Project)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-17 18:17 - 2016-08-17 18:17 - 05198336 _____ (AVAST Software) C:\Users\Joel\Desktop\aswMBR.exe
    2016-08-17 18:17 - 2016-08-17 18:17 - 00034315 _____ C:\Users\Joel\Desktop\FRST.txt
    2016-08-17 18:15 - 2016-08-17 18:17 - 00000000 ____D C:\FRST
    2016-08-17 18:14 - 2016-08-17 18:14 - 01744896 _____ (Farbar) C:\Users\Joel\Desktop\FRST.exe
    2016-08-15 07:22 - 2016-08-15 07:22 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DELL-XPS410-Windows-10-Pro-(32-bit).dat
    2016-08-15 07:22 - 2016-08-15 07:22 - 00000000 ____D C:\RegBackup
    2016-08-15 07:21 - 2016-08-15 07:22 - 00017367 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-08-15 07:21 - 2016-08-15 07:21 - 00002254 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-08-15 07:21 - 2016-08-15 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-08-15 07:21 - 2016-08-15 07:21 - 00000000 ____D C:\Program Files\Tweaking.com
    2016-08-15 07:20 - 2016-08-15 07:21 - 05575304 _____ (Tweaking.com) C:\Users\Joel\Desktop\tweaking.com_registry_backup_setup.exe
    2016-08-14 13:00 - 2016-08-14 13:00 - 00000000 ____D C:\Users\Joel\Documents\ProcAlyzer Dumps
    2016-08-14 12:50 - 2016-08-14 12:50 - 00000000 ___HD C:\OneDriveTemp
    2016-08-13 14:05 - 2016-08-13 14:06 - 01703936 _____ C:\WINDOWS\system32\USBForumTrace.etl
    2016-08-13 09:43 - 2016-08-13 09:43 - 00000542 _____ C:\Users\Joel\Downloads\PerformanceDiagnostic.diagcab
    2016-08-13 09:34 - 2016-08-13 09:34 - 07475752 _____ C:\Users\Joel\Downloads\SCUDownloader.exe
    2016-08-13 09:34 - 2016-08-13 09:34 - 00074703 _____ C:\WINDOWS\system32\mfc45.dat
    2016-08-13 09:34 - 2016-08-13 09:34 - 00001206 _____ C:\Users\Joel\Desktop\System Checkup.lnk
    2016-08-13 09:34 - 2016-08-13 09:34 - 00000000 ____D C:\ProgramData\iolo
    2016-08-13 09:34 - 2016-08-13 09:34 - 00000000 ____D C:\Program Files\iolo
    2016-08-13 08:44 - 2016-08-13 08:44 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
    2016-08-13 08:42 - 2016-08-13 08:42 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2016-08-13 08:39 - 2016-08-13 08:39 - 00000000 ____D C:\Users\Joel\AppData\LocalLow\PCDr
    2016-08-13 08:38 - 2016-08-13 08:38 - 00000000 ____D C:\ProgramData\PCDr
    2016-08-13 08:38 - 2016-08-13 08:38 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2016-08-13 08:38 - 2016-08-13 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2016-08-13 08:38 - 2016-08-13 08:38 - 00000000 ____D C:\Program Files\Dell Support Center
    2016-08-13 08:37 - 2016-08-13 08:42 - 00000000 ____D C:\Program Files\Dell
    2016-08-13 08:36 - 2016-08-13 08:41 - 00000000 ____D C:\Users\Joel\AppData\Roaming\PCDr
    2016-08-13 08:14 - 2016-08-13 08:36 - 00000000 ____D C:\Users\Joel\AppData\Local\Deployment
    2016-08-13 08:14 - 2016-08-13 08:14 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2016-08-11 18:50 - 2016-06-14 16:01 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap.dll
    2016-08-11 18:50 - 2016-06-14 16:01 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge.dll
    2016-08-11 18:50 - 2016-06-14 16:01 - 00091568 _____ C:\WINDOWS\system32\NvRtmpStreamer32.dll
    2016-08-11 18:35 - 2016-08-11 18:37 - 44984120 _____ (NVIDIA Corporation) C:\Users\Joel\Downloads\GeForce_Experience_v2.11.4.0 (1).exe
    2016-08-10 20:55 - 2016-08-03 01:52 - 05793632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-08-10 20:55 - 2016-08-03 01:52 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-08-10 20:55 - 2016-08-03 01:43 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-08-10 20:55 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-08-10 20:55 - 2016-08-03 01:32 - 00413024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2016-08-10 20:55 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-08-10 20:55 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-08-10 20:55 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-08-10 20:55 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-08-10 20:55 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-08-10 20:55 - 2016-08-03 01:29 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2016-08-10 20:55 - 2016-08-03 01:29 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2016-08-10 20:55 - 2016-08-03 01:28 - 00505136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-08-10 20:55 - 2016-08-03 01:28 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-08-10 20:55 - 2016-08-03 01:21 - 01712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-08-10 20:55 - 2016-08-03 01:21 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-08-10 20:55 - 2016-08-03 01:21 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-08-10 20:55 - 2016-08-03 01:18 - 00346464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2016-08-10 20:55 - 2016-08-03 00:58 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2016-08-10 20:55 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-08-10 20:55 - 2016-08-03 00:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2016-08-10 20:55 - 2016-08-03 00:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-08-10 20:55 - 2016-08-03 00:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-08-10 20:55 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2016-08-10 20:55 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
    2016-08-10 20:55 - 2016-08-03 00:43 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-08-10 20:55 - 2016-08-03 00:41 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-08-10 20:55 - 2016-08-03 00:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-08-10 20:55 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-08-10 20:55 - 2016-08-03 00:39 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
    2016-08-10 20:55 - 2016-08-03 00:37 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-08-10 20:55 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-08-10 20:55 - 2016-08-03 00:35 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-08-10 20:55 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-08-10 20:55 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
    2016-08-10 20:55 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-08-10 20:55 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-08-10 20:55 - 2016-08-03 00:33 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-08-10 20:55 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-08-10 20:55 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-08-10 20:55 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2016-08-10 20:55 - 2016-08-03 00:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-08-10 20:55 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-08-10 20:55 - 2016-08-03 00:32 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-08-10 20:55 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-08-10 20:55 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-08-10 20:55 - 2016-08-03 00:27 - 02973696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-08-10 20:55 - 2016-08-03 00:27 - 01903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-08-10 20:55 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-08-10 20:55 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2016-08-10 20:55 - 2016-08-03 00:24 - 01735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-08-10 20:55 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-08-10 20:55 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-08-10 20:55 - 2016-08-03 00:22 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-08-10 20:55 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-08-10 20:55 - 2016-08-03 00:22 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-08-10 20:55 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2016-08-10 20:54 - 2016-08-03 02:27 - 01303744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-08-10 20:54 - 2016-08-03 02:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-08-10 20:54 - 2016-08-03 02:27 - 00045760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-08-10 20:54 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2016-08-10 20:54 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-08-10 20:54 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-08-10 20:54 - 2016-08-03 01:32 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-08-10 20:54 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-08-10 20:54 - 2016-08-03 00:44 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2016-08-10 20:54 - 2016-08-03 00:43 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
    2016-08-10 20:54 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-08-10 20:54 - 2016-08-03 00:40 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-08-10 20:54 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-08-10 20:54 - 2016-08-03 00:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-08-10 20:54 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-08-10 20:54 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-08-10 20:54 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-08-10 20:54 - 2016-08-03 00:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-08-10 20:54 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-08-10 20:54 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-08-10 20:54 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-08-10 20:54 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-08-10 20:54 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-08-10 20:54 - 2016-08-03 00:20 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2016-08-02 11:44 - 2016-08-16 17:48 - 00000000 ____D C:\Users\Joel\AppData\Local\CrashDumps
    2016-08-02 10:21 - 2016-08-02 10:21 - 00002152 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-08-02 10:20 - 2016-01-29 04:45 - 00614848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvStreaming.exe
    2016-08-02 10:17 - 2016-08-02 10:42 - 44984120 _____ (NVIDIA Corporation) C:\Users\Joel\Downloads\GeForce_Experience_v2.11.4.0.exe
    2016-08-02 10:16 - 2016-01-29 08:04 - 24207296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv32.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 15302712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 11272240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 11209192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 03994560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 01060400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3234195.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 00917048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 00912248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3234195.dll
    2016-08-02 10:16 - 2016-01-29 08:04 - 00878648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC.dll
    2016-08-02 09:40 - 2016-08-02 09:45 - 227389736 _____ (NVIDIA Corporation) C:\Users\Joel\Downloads\341.95-desktop-win10-32bit-international.exe
    2016-08-02 08:45 - 2016-08-02 08:45 - 00583882 _____ C:\Users\Joel\Downloads\Statement_Jul 2016.pdf
    2016-08-01 16:54 - 2016-08-01 16:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2016-08-01 16:11 - 2016-08-01 16:11 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-08-01 16:11 - 2016-08-01 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-08-01 16:10 - 2016-08-01 16:11 - 00000000 ____D C:\Program Files\iTunes
    2016-08-01 16:10 - 2016-08-01 16:10 - 00000000 ____D C:\Program Files\iPod
    2016-08-01 15:54 - 2016-08-01 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2016-07-30 13:12 - 2016-07-30 13:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-07-30 11:56 - 2016-07-30 08:50 - 00000000 ___DC C:\WINDOWS\Panther
    2016-07-30 11:52 - 2016-07-30 11:52 - 00000000 ____D C:\Windows.old
    2016-07-30 11:51 - 2016-07-30 11:51 - 00000000 ____D C:\Program Files\CMAK
    2016-07-30 11:50 - 2016-07-30 11:50 - 28083144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 06471168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 05598832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 04413440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 03555840 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 03459584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 03196928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02885680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02880512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02771968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02679808 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02578432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02519552 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02217984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02062336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01987072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01976832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01866104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01862008 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01861984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 01820512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 01800704 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01635840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01536600 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01522160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01508352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 01484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01401856 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01396592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01355336 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01349640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01334680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01228800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01166848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01083656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01063936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-07-30 11:50 - 2016-07-30 11:50 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00995296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00927080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00925576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00922456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00875992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-07-30 11:50 - 2016-07-30 11:50 - 00856928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-07-30 11:50 - 2016-07-30 11:50 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00836760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00835072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00771120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00757192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-07-30 11:50 - 2016-07-30 11:50 - 00740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2016-07-30 11:50 - 2016-07-30 11:50 - 00737792 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00727752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00613120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-07-30 11:50 - 2016-07-30 11:50 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00521152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00510880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00484544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00476864 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-07-30 11:50 - 2016-07-30 11:50 - 00424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00403920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00354656 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00354656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00317280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
    2016-07-30 11:50 - 2016-07-30 11:50 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WmpDui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00287072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-07-30 11:50 - 2016-07-30 11:50 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-07-30 11:50 - 2016-07-30 11:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00266944 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00228704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00227008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00203104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Maps.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00173920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUXHost.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00111608 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00096096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00064584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00063008 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUX.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-07-30 11:50 - 2016-07-30 11:50 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-07-30 11:50 - 2016-07-30 11:50 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-07-30 11:42 - 2016-07-30 11:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-07-30 11:32 - 2016-07-30 11:32 - 00000000 ____D C:\WINDOWS\system32\msmq
    2016-07-30 11:32 - 2016-07-30 11:32 - 00000000 ____D C:\WINDOWS\system32\BestPractices
    2016-07-30 11:32 - 2016-07-30 11:32 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-07-30 11:32 - 2016-07-30 11:32 - 00000000 ____D C:\inetpub
    2016-07-30 11:32 - 2016-07-30 08:22 - 00000000 ____D C:\Program Files\MSBuild
    2016-07-30 11:31 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-07-30 11:31 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-07-30 11:31 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-07-30 10:38 - 2016-07-30 10:38 - 00000000 ____D C:\Users\Joel\AppData\Local\PeerDistRepub
    2016-07-30 09:12 - 2016-07-30 09:12 - 00000000 ____D C:\Users\Joel\AppData\Local\Comms
    2016-07-30 09:11 - 2016-07-30 09:14 - 00000000 ____D C:\Users\Joel\AppData\Local\MicrosoftEdge
    2016-07-30 08:57 - 2016-08-14 12:50 - 00000000 ___RD C:\Users\Joel\OneDrive
    2016-07-30 08:57 - 2016-08-01 16:33 - 00002401 _____ C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-07-30 08:54 - 2016-07-30 08:54 - 00000000 ____D C:\Users\Joel\AppData\Local\Publishers
    2016-07-30 08:54 - 2016-07-30 08:54 - 00000000 ____D C:\Users\Joel\AppData\Local\ActiveSync
    2016-07-30 08:51 - 2016-07-30 09:39 - 00000000 ____D C:\Users\Joel\AppData\Local\Packages
    2016-07-30 08:51 - 2016-07-30 08:51 - 00000000 ____D C:\Users\Joel\AppData\Local\TileDataLayer
    2016-07-30 08:50 - 2016-07-30 08:50 - 00000020 ___SH C:\Users\Joel\ntuser.ini
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-07-30 08:44 - 2016-07-30 08:44 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-07-30 08:41 - 2016-07-30 08:41 - 00021316 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-07-30 08:20 - 2016-07-30 08:20 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\Genie9
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Genie9
    2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2016-07-30 08:11 - 2016-07-30 08:11 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
    2016-07-30 08:08 - 2016-07-30 08:57 - 00000000 ____D C:\Users\Joel
    2016-07-30 08:08 - 2016-07-30 08:08 - 00000000 _SHDL C:\Users\Joel\My Documents
    2016-07-30 08:08 - 2016-07-30 08:08 - 00000000 _SHDL C:\Users\Joel\Documents\My Videos
    2016-07-30 08:08 - 2016-07-30 08:08 - 00000000 _SHDL C:\Users\Joel\Documents\My Pictures
    2016-07-30 08:08 - 2016-07-30 08:08 - 00000000 _SHDL C:\Users\Joel\Documents\My Music
    2016-07-30 08:03 - 2016-08-13 10:29 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-07-30 08:00 - 2016-08-13 10:24 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-07-30 08:00 - 2016-01-29 06:14 - 04397624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-07-30 08:00 - 2016-01-29 06:14 - 03068864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc.dll
    2016-07-30 08:00 - 2016-01-29 06:14 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-07-30 08:00 - 2016-01-29 06:14 - 00678968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-07-30 08:00 - 2016-01-29 06:14 - 00381888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-07-30 08:00 - 2016-01-29 06:14 - 00070200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-07-30 08:00 - 2016-01-28 12:18 - 06150607 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-07-30 07:59 - 2016-08-13 12:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-07-30 07:59 - 2016-08-11 18:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-07-30 07:11 - 2016-07-30 08:43 - 00010449 _____ C:\WINDOWS\diagerr.xml
    2016-07-30 07:11 - 2016-07-30 08:43 - 00009528 _____ C:\WINDOWS\diagwrn.xml
    2016-07-22 00:00 - 2016-07-22 00:00 - 00000000 ____D C:\Program Files\Common Files\Java

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-17 08:17 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-08-17 07:52 - 2015-01-31 23:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-17 07:44 - 2011-04-11 02:25 - 00000635 _____ C:\WINDOWS\Brownie.ini
    2016-08-16 08:44 - 2012-09-29 17:20 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-763783208-265182315-1340191871-1001UA.job
    2016-08-16 08:29 - 2012-07-15 00:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-08-16 08:28 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-08-16 08:22 - 2014-07-02 08:22 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-08-15 01:44 - 2012-09-29 17:20 - 00000852 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-763783208-265182315-1340191871-1001Core.job
    2016-08-14 21:52 - 2015-01-31 23:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-14 12:56 - 2013-11-14 09:41 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2016-08-14 08:36 - 2015-02-04 20:50 - 00007989 _____ C:\WINDOWS\BRRBCOM.INI
    2016-08-13 10:29 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
    2016-08-13 10:24 - 2016-04-27 00:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-13 10:23 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-08-13 09:43 - 2011-04-11 19:43 - 00000000 ____D C:\Users\Joel\AppData\Local\ElevatedDiagnostics
    2016-08-13 09:15 - 2013-05-21 08:52 - 00000000 ____D C:\temp
    2016-08-13 08:48 - 2011-09-07 21:54 - 00000000 ____D C:\Users\Joel\AppData\Roaming\NVIDIA
    2016-08-12 04:09 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
    2016-08-12 03:32 - 2016-04-27 00:21 - 00000000 ____D C:\Program Files\Windows Journal
    2016-08-12 03:32 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-08-12 03:32 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-08-11 21:21 - 2013-07-29 21:59 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-08-11 20:59 - 2011-04-10 21:42 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-08-11 20:53 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-08-11 20:52 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2016-08-11 18:50 - 2014-06-22 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-08-10 21:08 - 2012-09-29 17:21 - 00002489 _____ C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-08-09 07:18 - 2015-11-23 19:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-08-09 07:10 - 2014-06-22 16:26 - 00000000 ____D C:\Users\Joel\AppData\Local\NVIDIA
    2016-08-02 11:36 - 2014-06-22 16:49 - 00000000 ____D C:\Users\Joel\AppData\Local\NVIDIA Corporation
    2016-08-01 17:10 - 2014-02-03 00:38 - 00000000 ____D C:\Users\Joel\AppData\Local\03AA6AD3-6C96-490A-89A2-EA77D698220C.aplzod
    2016-08-01 16:33 - 2015-02-04 20:50 - 00000140 _____ C:\WINDOWS\BROMJ450DW.INI
    2016-08-01 16:29 - 2016-04-07 08:23 - 00000648 __RSH C:\ProgramData\ntuser.pol
    2016-08-01 16:10 - 2014-01-31 11:04 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-08-01 15:26 - 2015-10-30 01:48 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2016-07-31 08:23 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppCompat
    2016-07-30 11:56 - 2015-10-30 01:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-07-30 11:51 - 2015-10-30 01:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-07-30 11:51 - 2015-10-30 01:48 - 00000000 ____D C:\Program Files\Windows Defender
    2016-07-30 11:32 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-07-30 11:31 - 2015-10-30 01:45 - 01014272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
    2016-07-30 11:31 - 2015-10-30 01:45 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
    2016-07-30 11:31 - 2015-10-30 01:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
    2016-07-30 11:31 - 2015-10-30 01:45 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
    2016-07-30 11:31 - 2015-10-30 01:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
    2016-07-30 11:31 - 2015-10-30 01:45 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
    2016-07-30 11:31 - 2015-10-30 01:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    2016-07-30 11:31 - 2015-10-30 01:45 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2016-07-30 11:31 - 2015-10-30 01:45 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2016-07-30 11:31 - 2015-10-30 01:45 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
    2016-07-30 08:51 - 2016-04-27 00:38 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-07-30 08:43 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-07-30 08:43 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Registration
    2016-07-30 08:42 - 2009-07-13 22:37 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2016-07-30 08:41 - 2015-10-30 01:48 - 00000000 __RSD C:\WINDOWS\Media
    2016-07-30 08:41 - 2015-10-30 01:48 - 00000000 __RHD C:\Users\Public\Libraries
    2016-07-30 08:24 - 2016-04-27 00:28 - 00443760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-07-30 08:22 - 2016-04-29 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    2016-07-30 08:22 - 2016-04-27 00:21 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-07-30 08:22 - 2016-04-08 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR
    2016-07-30 08:22 - 2016-02-28 15:54 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
    2016-07-30 08:22 - 2016-01-16 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2016-07-30 08:22 - 2015-10-30 01:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-07-30 08:22 - 2015-09-20 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-07-30 08:22 - 2015-06-07 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    2016-07-30 08:22 - 2015-02-17 09:49 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AT&T Connect
    2016-07-30 08:22 - 2015-02-15 23:21 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2016-07-30 08:22 - 2015-01-31 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
    2016-07-30 08:22 - 2014-12-27 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
    2016-07-30 08:22 - 2014-09-10 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-07-30 08:22 - 2014-08-17 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2016-07-30 08:22 - 2014-07-02 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-30 08:22 - 2014-02-11 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    2016-07-30 08:22 - 2014-02-11 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
    2016-07-30 08:22 - 2014-02-11 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
    2016-07-30 08:22 - 2014-02-10 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
    2016-07-30 08:22 - 2014-02-03 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-07-30 08:22 - 2014-01-06 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
    2016-07-30 08:22 - 2014-01-05 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Rewards Downloader
    2016-07-30 08:22 - 2013-08-03 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShipRush
    2016-07-30 08:22 - 2013-05-06 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWSnap
    2016-07-30 08:22 - 2012-11-02 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2016-07-30 08:22 - 2012-11-02 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-07-30 08:22 - 2012-05-12 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
    2016-07-30 08:22 - 2012-04-29 01:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2016-07-30 08:22 - 2012-04-29 01:08 - 00000000 ____D C:\WINDOWS\en
    2016-07-30 08:22 - 2011-10-24 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
    2016-07-30 08:22 - 2011-05-28 10:11 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    2016-07-30 08:22 - 2011-04-23 12:24 - 00000000 ____D C:\WINDOWS\WindowsMobile
    2016-07-30 08:22 - 2011-04-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-07-30 08:22 - 2011-04-13 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-07-30 08:22 - 2011-04-11 19:51 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
    2016-07-30 08:22 - 2011-04-11 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2070N
    2016-07-30 08:22 - 2011-04-11 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Win32 2010
    2016-07-30 08:22 - 2011-04-11 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Media Vault Pro
    2016-07-30 08:22 - 2009-07-14 03:49 - 00000000 ___RD C:\Users\Public\Recorded TV
    2016-07-30 08:20 - 2009-07-13 22:37 - 00000000 ____D C:\Users\Default.migrated
    2016-07-30 08:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-07-30 08:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-07-30 08:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-07-30 08:14 - 2011-04-10 22:51 - 00000000 ____D C:\WINDOWS\system32\SPReview
    2016-07-30 08:14 - 2011-04-10 22:50 - 00000000 ____D C:\WINDOWS\system32\EventProviders
    2016-07-30 08:12 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\System
    2016-07-30 08:12 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\schemas
    2016-07-30 08:12 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-07-30 08:12 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-07-30 08:12 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Help
    2016-07-30 08:12 - 2012-11-19 19:21 - 00000000 ____D C:\WINDOWS\system32\Adobe
    2016-07-30 08:12 - 2011-09-07 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
    2016-07-30 08:12 - 2011-04-18 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
    2016-07-30 08:12 - 2011-04-11 01:49 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2016-07-30 08:11 - 2015-10-30 01:48 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2016-07-30 08:11 - 2015-10-30 01:48 - 00000000 ____D C:\Program Files\Common Files\System
    2016-07-30 08:11 - 2015-10-30 01:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-07-30 08:11 - 2015-01-17 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
    2016-07-30 08:11 - 2014-02-12 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ford Motor Company
    2016-07-30 08:11 - 2011-11-07 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
    2016-07-30 08:11 - 2011-04-28 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
    2016-07-30 08:11 - 2011-04-11 00:21 - 00000000 ____D C:\Program Files\Microsoft Games
    2016-07-30 08:11 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\DVD Maker
    2016-07-30 08:10 - 2009-07-13 22:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-07-30 08:09 - 2011-04-11 02:05 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
    2016-07-30 08:09 - 2011-04-11 01:38 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X-Win32 2010
    2016-07-30 08:02 - 2015-10-30 01:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-07-30 07:15 - 2009-07-14 00:34 - 00016928 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-07-30 07:15 - 2009-07-14 00:34 - 00016928 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-07-30 07:12 - 2016-04-27 01:52 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-07-27 15:25 - 2011-04-10 19:36 - 00406184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-07-22 00:01 - 2011-05-02 13:58 - 00000000 ____D C:\Program Files\Java
    2016-07-21 23:59 - 2016-02-18 19:26 - 00000000 ____D C:\Users\Joel\.oracle_jre_usage
    2016-07-21 23:58 - 2014-09-10 22:38 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2016-07-21 23:16 - 2016-07-17 17:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-07-21 23:16 - 2012-05-04 13:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

    ==================== Files in the root of some directories =======

    2015-12-04 20:39 - 2015-12-04 20:39 - 6420480 _____ () C:\Program Files\GUT25EC.tmp
    2016-05-10 22:23 - 2016-05-10 22:23 - 6748160 _____ () C:\Program Files\GUTA226.tmp
    2014-02-19 00:53 - 2014-02-19 00:53 - 0000000 _____ () C:\Users\Joel\AppData\Roaming\SharedSettings.ccs
    2014-03-13 07:16 - 2014-03-13 07:16 - 0005911 _____ () C:\Users\Joel\AppData\Local\afnurowf
    2014-03-13 06:50 - 2014-03-13 06:50 - 0005911 _____ () C:\Users\Joel\AppData\Local\eroxaqce
    2014-02-21 21:14 - 2014-02-21 21:14 - 0085381 _____ () C:\Users\Joel\AppData\Local\kuxhtvlr.exe
    2014-02-19 00:54 - 2014-02-19 00:54 - 0068161 _____ () C:\Users\Joel\AppData\Local\mrrbgjam
    2014-03-13 12:16 - 2014-03-13 12:16 - 0005911 _____ () C:\Users\Joel\AppData\Local\mwnulxxm
    2011-04-11 01:39 - 2011-04-30 17:05 - 0000600 _____ () C:\Users\Joel\AppData\Local\PUTTY.RND
    2014-03-13 08:34 - 2014-03-13 08:34 - 0068465 _____ () C:\Users\Joel\AppData\Local\sgeeabxe
    2014-02-19 00:55 - 2014-02-19 00:55 - 0012326 _____ () C:\Users\Joel\AppData\Local\tnmpsrkm
    2014-03-13 08:47 - 2014-03-13 08:47 - 0005911 _____ () C:\Users\Joel\AppData\Local\vfjhsqtm

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    ATTENTION: ==> Could not access BCD.


    LastRegBack: 2016-08-14 08:42

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-08-2016
    Ran by Joel (17-08-2016 18:19:32)
    Running from C:\Users\Joel\Desktop
    Microsoft Windows 10 Pro Version 1511 (X86) (2016-07-30 12:50:47)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-763783208-265182315-1340191871-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-763783208-265182315-1340191871-503 - Limited - Disabled)
    Guest (S-1-5-21-763783208-265182315-1340191871-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-763783208-265182315-1340191871-1002 - Limited - Enabled)
    Joel (S-1-5-21-763783208-265182315-1340191871-1001 - Administrator - Enabled) => C:\Users\Joel

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\12_1524\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\12_1524\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\Joel\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00DBB1CA-534E-4D58-B001-F3A418013E80} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0468D750-162F-4CE7-955C-AB39F8E19F1E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0E111119-23FF-4CC1-9BE3-218B6AEF5A3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {11ADE20F-3871-4168-9A3E-CFBF36141350} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.)
    Task: {12B51F8E-2C61-4A17-BEDB-4A8EFE1036B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {148D8AE8-42E0-42B2-A8A3-827E9FDD9DCD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {164A72BB-52EE-4D0F-ADC0-B44C1B3C49C8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {187E6A5F-5395-407C-926F-CF1ABDDA8085} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {1908E14C-9879-4157-B6F4-CFF312BE09D2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {21E7C475-7014-4163-B881-5488D07B73B4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {23CB8F68-E0A3-4D54-9499-8A98001F0C7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2948931E-7850-480E-AD4D-2AA0674140EB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2E592460-F389-45EA-8135-7F484A5A8B70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {336E0E33-461A-4A62-B282-DEDA31D77F99} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {3835C75A-A464-4070-8A8A-317D2FB1A3EA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {383A903F-82A6-4904-BA4D-99BC6EA83314} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {43123F67-3064-4DAA-A79F-5034B6F14004} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4EF6D392-EECE-425B-89A4-B1B29EC2E522} - System32\Tasks\{F279DBD8-A893-4F9B-8305-20FE05D880F3} => pcalua.exe -a "C:\Program Files\Virtual Dub\auxsetup.exe" -d "C:\Program Files\Virtual Dub"
    Task: {545C5DBD-B744-4B6A-83C2-A3C4CEB04A37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-763783208-265182315-1340191871-1001UA => C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {57CB6437-BB86-41FA-80CC-2D07CB86B0F5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {5A814989-8CC7-4196-B801-8192092F53D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {6A124A80-D8A0-4A5C-85F8-D7ABC1F6E7C3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {756DE0A9-3ADB-4ACD-AE1D-165E1BFA3DE3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {760893E8-5B57-4BE8-9927-0154FA09A060} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {811EB3A1-BF26-45B6-A795-2F19E269A317} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {89CAAF56-7A9B-4B34-BFF6-E0020C8C9CDD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8A86AC66-A65F-4BE6-AB7A-19E0241BE6D8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
    Task: {8AECECD5-7E09-4D9F-B783-147EDC3C4C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-17] (Adobe Systems Incorporated)
    Task: {9130AE2B-8BB9-4979-B3D0-675E035813E2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9967F2D2-77B9-4446-8B50-6817ACB037FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9E50469D-3E35-4877-A0E8-F789A51EF52C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {9F3C31C4-FC4D-4C49-A95E-958104640266} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A26D7BA3-7EC8-4B4B-BC02-CDE9435BD733} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A61AFAB8-7770-4C55-9485-67F2E90F013D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-763783208-265182315-1340191871-1001Core => C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {A95F8C46-F9F4-411A-97D7-7D54FD8543D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {AF124E66-1AA4-4667-96DB-1406591D7F5F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {B2EE9B7E-7FCE-47FF-9210-9302F24ABADF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {BD546E9E-C8F3-459A-8125-A2F4E7053B3F} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {BF198548-FDF6-4C99-BC32-620A94D746EF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C02F39EC-4846-4B76-AA37-D48F263A4223} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C57D477C-DF97-48E0-AE2B-F5E974B62DE4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {C5A8CE60-FBAF-4A01-BE2B-B9B88A162CEB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C6A706CC-E9DF-4258-907C-F1874F83FAEC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C6E44076-63F1-4033-94E8-6B5DD2AE5C2B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C7220F49-DDB2-41BE-8479-3A17D9BF457B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D006ED15-8B39-4CF5-9012-7365DD00B69C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {D667F510-6491-4965-97AC-151D310F8031} - System32\Tasks\{647FC108-C1F5-4DBF-83C3-E48F01BC69E6} => pcalua.exe -a "C:\Program Files\StarNet\X-Win32 2010\xwin32.exe" -d "C:\Program Files\StarNet\X-Win32 2010"
    Task: {DAF89331-2885-4D44-814F-7A46C6E10BF4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {DBB29E67-2F1C-42FD-8693-45EA32D3E09B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {DE8453CD-C1CD-44D1-B52B-A364857FE8BD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E28A5E16-0C46-430A-8D68-1DA8F41F8A43} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E632DE41-73D8-4327-BB06-BF2E8F4B0A24} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {E7A25411-9180-47CC-9DC6-A0096C0CE6BB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F069C3C9-079A-4D33-9E21-DEFC29254585} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
    Task: {F4284CB7-5635-405C-BF61-F30C2AB0A243} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {FD839721-64F9-40F3-A86F-10C8D73E208A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-763783208-265182315-1340191871-1001Core.job => C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-763783208-265182315-1340191871-1001UA.job => C:\Users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2014-12-27 22:50 - 2014-05-20 15:01 - 00048640 _____ () C:\WINDOWS\System32\sdtnpm.dll
    2014-12-27 22:50 - 2014-05-20 15:01 - 00048640 _____ () C:\WINDOWS\System32\sdtnpm.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-17 15:14 - 2010-07-12 15:39 - 00053248 _____ () C:\Program Files\D-Link\DWA-566\ANIWConnService.exe
    2015-01-17 15:14 - 2010-07-12 15:39 - 00053248 _____ () C:\Program Files\D-Link\DWA-566\ANIWConnService.exe
    2015-09-20 12:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-09-20 12:29 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-09-20 12:29 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-09-20 12:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00310720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00220608 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 03037120 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 02122688 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 01608128 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 01502656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00167872 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-07-30 09:31 - 2016-07-30 09:32 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-07-30 09:31 - 2016-07-30 09:32 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-07-30 09:31 - 2016-07-30 09:32 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-07-30 09:31 - 2016-07-30 09:32 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-08-01 16:33 - 2016-08-01 16:33 - 00679624 _____ () C:\Users\Joel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2016-08-01 16:33 - 2016-08-01 16:33 - 00679624 _____ () C:\Users\Joel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2016-04-08 21:14 - 2013-08-29 03:09 - 00158208 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
    2016-04-08 21:14 - 2013-08-01 05:36 - 00038400 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00173568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
    2016-04-08 21:14 - 2013-08-01 05:36 - 00080384 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-04-08 21:14 - 2013-08-29 03:09 - 00605696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00605696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00397824 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00397824 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
    2016-04-08 21:14 - 2012-02-02 05:16 - 00923136 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
    2016-04-08 21:14 - 2012-02-02 05:16 - 00923136 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
    2016-04-08 21:14 - 2013-02-03 07:40 - 00010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
    2016-04-08 21:14 - 2013-02-03 07:40 - 00010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00303104 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00303104 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00282624 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00282624 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00071168 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
    2016-04-08 21:14 - 2013-08-29 03:09 - 00071168 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
    2016-04-08 21:14 - 2013-02-03 07:40 - 00009728 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
    2016-04-08 21:14 - 2013-02-03 07:40 - 00009728 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
    2016-04-08 21:14 - 2013-08-01 05:36 - 00043008 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
    2013-02-03 05:21 - 2013-02-03 05:21 - 00038912 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
    2016-04-08 21:14 - 2013-08-01 05:36 - 00043008 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
    2013-02-03 05:21 - 2013-02-03 05:21 - 00090112 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
    2013-02-03 05:21 - 2013-02-03 05:21 - 00090112 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2016-04-27 00:11 - 2016-04-27 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2014-06-18 04:46 - 2014-06-18 04:46 - 01420864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineAgent.exe
    2013-08-29 03:09 - 2013-08-29 03:09 - 00059392 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00071168 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00173568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00397824 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
    2013-08-01 05:36 - 2013-08-01 05:36 - 00038400 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
    2013-08-01 05:36 - 2013-08-01 05:36 - 00043008 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
    2013-08-01 05:36 - 2013-08-01 05:36 - 00043008 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00282624 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
    2012-02-02 05:16 - 2012-02-02 05:16 - 00923136 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
    2013-08-01 05:36 - 2013-08-01 05:36 - 00080384 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
    2013-02-03 07:40 - 2013-02-03 07:40 - 00010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
    2013-08-01 05:36 - 2013-08-01 05:36 - 00072704 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 05340160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00696832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-07-30 11:50 - 2016-07-30 11:50 - 00414720 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
    2015-10-30 01:45 - 2016-04-27 00:20 - 00031232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00528896 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00528896 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00663552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00152064 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00663552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00383488 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00274432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00132608 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00072192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
    2015-10-30 01:45 - 2016-04-27 00:20 - 00151040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
    2016-07-30 08:00 - 2016-01-29 06:14 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00605696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00303104 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll
    2013-08-29 03:09 - 2013-08-29 03:09 - 00045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll
    2013-02-03 07:40 - 2013-02-03 07:40 - 00009728 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00031680 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00749504 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-08-02 10:52 - 2016-06-14 16:03 - 00015808 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\icudt53.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [278]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-763783208-265182315-1340191871-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joel\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59174.jpg
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Joel\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59174.jpg
    DNS Servers: 4.2.2.3 - 4.2.2.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    MSCONFIG\startupreg: D-Link D-Link DWA-566 => C:\Program Files\D-Link\DWA-566\AirNCFG.exe
    MSCONFIG\startupreg: Google Photos Backup => "C:\Users\Joel\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
    MSCONFIG\startupreg: HPMVTray => "C:\Program Files\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe"
    MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Joel\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: Windows Mobile Device Center => C:\Windows\WindowsMobile\wmdc.exe
    HKLM\...\StartupApproved\Run: => "APSDaemon"
    HKLM\...\StartupApproved\Run: => "QuickTime Plugin Install"
    HKLM\...\StartupApproved\Run: => "HP Software Update"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run: => "BCSSync"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0F9F0B6353EE033798AF90928A2DFDFC"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "B70C978E0D8686DFA1B56EEE8DDD560C8E84B941._service_run"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\...\StartupApproved\Run: => "NETGEARGenie"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{0465EE08-2B9D-4C90-94EA-665CEEBA3C66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2752F901-80AF-49EA-A0D0-A3D14349BF5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [UDP Query User{EB8F5E17-2256-4462-A803-410C783170DE}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
    FirewallRules: [TCP Query User{2C283E8F-7E7F-4D8A-8EDF-C1B4F3B14B9F}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
    FirewallRules: [{82554509-6626-4F04-914A-C89DA5884A01}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AAC73833-111D-46A9-84D1-7B3590A4F074}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{5F2C213B-02C4-49B7-95A6-A0CB1330DACE}C:\users\joel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joel\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{BB2F3E9C-4689-437F-90F5-10FF8F0E7DC3}C:\users\joel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joel\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{77A38AFA-17E0-4F9F-A5F3-353974E5ADC9}C:\users\joel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joel\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{FEAB1BDF-5191-4866-8189-A1D435548FB4}C:\users\joel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joel\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{6D236048-93EF-4051-A4A7-E12D024D6C47}C:\users\joel\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\joel\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{6E4186F5-CC51-44BA-BE9A-112D40BADA99}C:\users\joel\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\joel\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{E5FAC8A7-40E4-471D-946A-DD148D149F34}] => (Allow) C:\Program Files\MR APP\MRAPP.Event.Service.exe
    FirewallRules: [{90708CC9-99ED-4C01-BAA1-266A3CA1D4CD}] => (Allow) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
    FirewallRules: [{A43DE462-75AE-4E13-AF08-7054714E511C}] => (Allow) C:\Program Files\MR APP\MRAPP.UI.exe
    FirewallRules: [{72210C89-E4BB-4956-BCF9-69F7750DCBF6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{6AFE9CD2-087A-4BA3-864D-CA486566F212}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{5BE45B95-E615-4C08-A814-7507900E14C9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{A52269A1-B985-4A62-AA8B-6C13D439D2DB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{0E24C7BE-4A17-4D49-A550-EA71003CC698}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4BD0BB2F-A107-463C-8545-3898B0828B87}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{70EA02EA-C4BC-438E-97EB-AC5BD58167B7}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{2BA1473A-77D1-40CF-984C-771ACF4661F9}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [{F8B66636-72CF-4DE4-B174-DC6EE8619142}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [UDP Query User{29DB5A53-AC33-4A2B-8DC3-68F7E473A10A}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [TCP Query User{53418EA9-CDFD-4ACE-9C28-2B29A2114EA8}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [UDP Query User{3FF07F8B-EECB-4300-9BBF-63F82BCE9F45}C:\program files\z-firm llc\shiprush v10\shiprush.exe] => (Allow) C:\program files\z-firm llc\shiprush v10\shiprush.exe
    FirewallRules: [TCP Query User{DD496246-1635-44CA-870A-0ADF1291BBD7}C:\program files\z-firm llc\shiprush v10\shiprush.exe] => (Allow) C:\program files\z-firm llc\shiprush v10\shiprush.exe
    FirewallRules: [{7492D7CA-4BE3-4497-B2FE-FF2AEB19B4C2}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
    FirewallRules: [{09BD3020-C302-4949-90BD-C9EFA548847D}] => (Allow) LPort=1900
    FirewallRules: [{54F7D11D-0A8B-43B5-B924-9C01E224A849}] => (Allow) LPort=2869
    FirewallRules: [{591C7B2F-0473-4807-9330-07A49077B39F}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [UDP Query User{E566EF48-39C9-45D9-8A46-7051F3420816}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{74817B63-868B-4599-82C5-3A135889104E}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [{42590424-D8AB-4905-97BD-C8C64E9DE3E6}] => (Allow) LPort=26675
    FirewallRules: [{0BF472A9-4630-416D-9532-83FDD8695885}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
    FirewallRules: [{7C6CF7EB-F37A-46C4-849F-B3208A504346}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
    FirewallRules: [UDP Query User{3CB89BF9-FEEA-422C-B8CE-4B132E7B7F51}C:\program files\hewlett-packard\hp media vault pro\nasselector.exe] => (Allow) C:\program files\hewlett-packard\hp media vault pro\nasselector.exe
    FirewallRules: [TCP Query User{EED81577-9D2D-48FA-804D-196408C5C0C2}C:\program files\hewlett-packard\hp media vault pro\nasselector.exe] => (Allow) C:\program files\hewlett-packard\hp media vault pro\nasselector.exe
    FirewallRules: [UDP Query User{CC83DA11-AEAB-4396-AF18-B101F7AC75DD}C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Block) C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe
    FirewallRules: [TCP Query User{852B3A7B-7DD2-4C6C-B2D2-AB42FB8F0E9C}C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Block) C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe
    FirewallRules: [UDP Query User{4AD85381-65C6-4576-A4FA-81047429A5C3}C:\program files\starnet\x-win32 2010\xwin32.exe] => (Allow) C:\program files\starnet\x-win32 2010\xwin32.exe
    FirewallRules: [TCP Query User{565C7800-6673-445E-9A9D-D2438C40CCAE}C:\program files\starnet\x-win32 2010\xwin32.exe] => (Allow) C:\program files\starnet\x-win32 2010\xwin32.exe
    FirewallRules: [UDP Query User{DA862371-D71A-465C-B25A-E01200D56790}C:\program files\starnet\x-win32 2010\esd.exe] => (Allow) C:\program files\starnet\x-win32 2010\esd.exe
    FirewallRules: [TCP Query User{C3BD86E6-947E-4925-A4B7-9D8A9158CE78}C:\program files\starnet\x-win32 2010\esd.exe] => (Allow) C:\program files\starnet\x-win32 2010\esd.exe
    FirewallRules: [UDP Query User{273A6E48-A292-4B30-A3A2-C361F3F09EE8}C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe
    FirewallRules: [TCP Query User{146A1D7E-7054-4A36-8DA8-C1716C13E02B}C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files\hewlett-packard\hp media vault pro\hpmvtray.exe
    FirewallRules: [{6EF0D530-9284-477C-AF3B-AF5EE4960BD7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{104EA034-8DF2-4AB2-8B54-3C33828056D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A5644947-32A2-4A05-B911-446CD91427A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{31E79B29-5258-46F6-A4D5-139EC695DC96}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{6DC1AA39-85C7-4B88-BDAA-B66EAC0B96E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{360FA39F-EC29-425C-B7F4-C05954775791}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{25D3D6B8-720E-4CF7-A87C-0F37B3633380}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{8706DA32-68B4-4C91-B1A1-F976DBC7B518}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration
    DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper
    DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor
    DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector
    StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper
    StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration
    StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor
    StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    15-08-2016 07:28:06 pre SpyBot Rootkit removal, post USB Host removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/17/2016 06:06:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GenieTimelineService.exe, version: 4.0.3.300, time stamp: 0x521dbb61
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2dc
    Exception code: 0xc0000005
    Fault offset: 0x00026889
    Faulting process id: 0xeb4
    Faulting application start time: 0xGenieTimelineService.exe0
    Faulting application path: GenieTimelineService.exe1
    Faulting module path: GenieTimelineService.exe2
    Report Id: GenieTimelineService.exe3
    Faulting package full name: GenieTimelineService.exe4
    Faulting package-relative application ID: GenieTimelineService.exe5

    Error: (08/16/2016 05:48:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d899
    Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a84cbb
    Exception code: 0xc000027b
    Fault offset: 0x00166fb1
    Faulting process id: 0x22d4
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (08/16/2016 05:44:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605b0b
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2dc
    Exception code: 0xc0000005
    Fault offset: 0x0004aeb3
    Faulting process id: 0x3454
    Faulting application start time: 0xNvStreamUserAgent.exe0
    Faulting application path: NvStreamUserAgent.exe1
    Faulting module path: NvStreamUserAgent.exe2
    Report Id: NvStreamUserAgent.exe3
    Faulting package full name: NvStreamUserAgent.exe4
    Faulting package-relative application ID: NvStreamUserAgent.exe5

    Error: (08/16/2016 05:43:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GenieTimelineService.exe, version: 4.0.3.300, time stamp: 0x521dbb61
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2dc
    Exception code: 0xc0000005
    Fault offset: 0x00026889
    Faulting process id: 0x34a4
    Faulting application start time: 0xGenieTimelineService.exe0
    Faulting application path: GenieTimelineService.exe1
    Faulting module path: GenieTimelineService.exe2
    Report Id: GenieTimelineService.exe3
    Faulting package full name: GenieTimelineService.exe4
    Faulting package-relative application ID: GenieTimelineService.exe5

    Error: (08/16/2016 08:21:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605b0b
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2dc
    Exception code: 0xc0000005
    Fault offset: 0x0004aeb3
    Faulting process id: 0x274
    Faulting application start time: 0xNvStreamUserAgent.exe0
    Faulting application path: NvStreamUserAgent.exe1
    Faulting module path: NvStreamUserAgent.exe2
    Report Id: NvStreamUserAgent.exe3
    Faulting package full name: NvStreamUserAgent.exe4
    Faulting package-relative application ID: NvStreamUserAgent.exe5

    Error: (08/16/2016 08:20:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GenieTimelineService.exe, version: 4.0.3.300, time stamp: 0x521dbb61
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2dc
    Exception code: 0xc0000005
    Fault offset: 0x00026889
    Faulting process id: 0x428
    Faulting application start time: 0xGenieTimelineService.exe0
    Faulting application path: GenieTimelineService.exe1
    Faulting module path: GenieTimelineService.exe2
    Report Id: GenieTimelineService.exe3
    Faulting package full name: GenieTimelineService.exe4
    Faulting package-relative application ID: GenieTimelineService.exe5

    Error: (08/15/2016 07:42:03 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    Error: (08/15/2016 07:29:33 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    Error: (08/15/2016 07:29:33 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    Error: (08/15/2016 07:29:32 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.


    System errors:
    =============
    Error: (08/17/2016 06:09:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:09:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:08:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:08:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:07:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:07:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:06:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 06:06:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (08/17/2016 08:07:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Genie Timeline Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (08/17/2016 07:46:13 AM) (Source: Service Control Manager) (EventID: 7046) (User: )
    Description: The following service has repeatedly stopped responding to service control requests: Genie Timeline Service

    Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

    You may have to restart the computer in safe mode before you can disable the service.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 75%
    Total physical RAM: 3069.92 MB
    Available physical RAM: 748.61 MB
    Total Virtual: 6141.92 MB
    Available Virtual: 2383.67 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:287.93 GB) (Free:21.07 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.87 GB) NTFS
    Drive e: (APBelt_QMP_2008) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 80000000)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=287.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-08-17 18:19:34
    -----------------------------
    18:19:34.415 OS Version: Windows 6.2.9200
    18:19:34.415 Number of processors: 2 586 0xF06
    18:19:34.431 ComputerName: DELL-XPS410 UserName: Joel
    18:20:28.063 Initialize success
    18:20:28.232 VM: initialized successfully
    18:20:28.232 VM: Intel CPU BiosDisabled
    18:27:02.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000021
    18:27:02.965 Disk 0 Vendor: WDC_WD3200AAKS-75SBA0 12.01B01 Size: 305245MB BusType: 8
    18:27:03.767 Disk 0 MBR read successfully
    18:27:03.767 Disk 0 MBR scan
    18:27:03.767 Disk 0 Windows 7 default MBR code
    18:27:03.798 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    18:27:03.820 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
    18:27:03.867 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21100544
    18:27:03.920 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 294841 MB offset 21305344
    18:27:03.952 Disk 0 scanning sectors +625139712
    18:27:04.368 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:28:14.151 Service scanning
    18:29:02.999 Modules scanning
    18:29:03.005 Disk 0 trace - called modules:
    18:29:03.068 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll iaStorAV.sys
    18:29:03.068 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afd39c0]
    18:29:03.083 3 CLASSPNP.SYS[82c24f25] -> nt!IofCallDriver -> \Device\00000021[0x8a3e9030]
    18:29:03.083 Disk 0 statistics 105409/0/0 @ 0.76 MB/s
    18:29:03.083 Scan finished successfully
    18:34:52.778 Disk 0 MBR has been saved successfully to "C:\Users\Joel\Desktop\MBR.dat"
    18:34:52.847 The log file has been saved successfully to "C:\Users\Joel\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    For the time being, can you please uninstall/delete Java from installed programs; it's an outdated version and vulnerable.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow it).





    start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicyScripts: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
    CHR Plugin: (Native Client) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Google Update) - C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    Task: {187E6A5F-5395-407C-926F-CF1ABDDA8085} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {23CB8F68-E0A3-4D54-9499-8A98001F0C7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2E592460-F389-45EA-8135-7F484A5A8B70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {336E0E33-461A-4A62-B282-DEDA31D77F99} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {3835C75A-A464-4070-8A8A-317D2FB1A3EA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {5A814989-8CC7-4196-B801-8192092F53D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {756DE0A9-3ADB-4ACD-AE1D-165E1BFA3DE3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {811EB3A1-BF26-45B6-A795-2F19E269A317} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {89CAAF56-7A9B-4B34-BFF6-E0020C8C9CDD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9967F2D2-77B9-4446-8B50-6817ACB037FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9E50469D-3E35-4877-A0E8-F789A51EF52C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {A95F8C46-F9F4-411A-97D7-7D54FD8543D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BD546E9E-C8F3-459A-8125-A2F4E7053B3F} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {C57D477C-DF97-48E0-AE2B-F5E974B62DE4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {DBB29E67-2F1C-42FD-8693-45EA32D3E09B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {E28A5E16-0C46-430A-8D68-1DA8F41F8A43} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F4284CB7-5635-405C-BF61-F30C2AB0A243} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [278]
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA:
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Aug 2016
    Location
    Winston-Salem
    Posts
    8

    Ok! Java and DriverFinder deleted. Below are the three log files.

    Thanks again for the continued help!


    Fix result of Farbar Recovery Scan Tool (x86) Version: 17-08-2016
    Ran by Joel (18-08-2016 18:51:21) Run:1
    Running from C:\Users\Joel\Desktop
    Loaded Profiles: Joel & (Available Profiles: Joel)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicyScripts: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
    CHR Plugin: (Native Client) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Google Update) - C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    Task: {187E6A5F-5395-407C-926F-CF1ABDDA8085} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {23CB8F68-E0A3-4D54-9499-8A98001F0C7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2E592460-F389-45EA-8135-7F484A5A8B70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {336E0E33-461A-4A62-B282-DEDA31D77F99} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {3835C75A-A464-4070-8A8A-317D2FB1A3EA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {5A814989-8CC7-4196-B801-8192092F53D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {756DE0A9-3ADB-4ACD-AE1D-165E1BFA3DE3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {811EB3A1-BF26-45B6-A795-2F19E269A317} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {89CAAF56-7A9B-4B34-BFF6-E0020C8C9CDD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9967F2D2-77B9-4446-8B50-6817ACB037FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9E50469D-3E35-4877-A0E8-F789A51EF52C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {A95F8C46-F9F4-411A-97D7-7D54FD8543D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BD546E9E-C8F3-459A-8125-A2F4E7053B3F} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {C57D477C-DF97-48E0-AE2B-F5E974B62DE4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {DBB29E67-2F1C-42FD-8693-45EA32D3E09B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {E28A5E16-0C46-430A-8D68-1DA8F41F8A43} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F4284CB7-5635-405C-BF61-F30C2AB0A243} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [278]
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
    HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.101.2 => key not found.
    C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll => not found.
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2 => key not found.
    C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll => not found.
    C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
    C:\Users\Joel\AppData\Local\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin2.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin3.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin4.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin5.dll => not found.
    C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
    C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\Users\Joel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => not found.
    C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll => not found.
    c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => not found.
    idsvc => service removed successfully.
    wpcsvc => service removed successfully.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
    "HKU\S-1-5-21-763783208-265182315-1340191871-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{187E6A5F-5395-407C-926F-CF1ABDDA8085}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{187E6A5F-5395-407C-926F-CF1ABDDA8085}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23CB8F68-E0A3-4D54-9499-8A98001F0C7F}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23CB8F68-E0A3-4D54-9499-8A98001F0C7F}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E592460-F389-45EA-8135-7F484A5A8B70}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E592460-F389-45EA-8135-7F484A5A8B70}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{336E0E33-461A-4A62-B282-DEDA31D77F99}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336E0E33-461A-4A62-B282-DEDA31D77F99}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3835C75A-A464-4070-8A8A-317D2FB1A3EA}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3835C75A-A464-4070-8A8A-317D2FB1A3EA}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A814989-8CC7-4196-B801-8192092F53D6}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A814989-8CC7-4196-B801-8192092F53D6}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{756DE0A9-3ADB-4ACD-AE1D-165E1BFA3DE3}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{756DE0A9-3ADB-4ACD-AE1D-165E1BFA3DE3}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{811EB3A1-BF26-45B6-A795-2F19E269A317}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{811EB3A1-BF26-45B6-A795-2F19E269A317}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89CAAF56-7A9B-4B34-BFF6-E0020C8C9CDD}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89CAAF56-7A9B-4B34-BFF6-E0020C8C9CDD}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E50469D-3E35-4877-A0E8-F789A51EF52C}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E50469D-3E35-4877-A0E8-F789A51EF52C}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A95F8C46-F9F4-411A-97D7-7D54FD8543D5}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A95F8C46-F9F4-411A-97D7-7D54FD8543D5}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD546E9E-C8F3-459A-8125-A2F4E7053B3F}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD546E9E-C8F3-459A-8125-A2F4E7053B3F}" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57D477C-DF97-48E0-AE2B-F5E974B62DE4}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57D477C-DF97-48E0-AE2B-F5E974B62DE4}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBB29E67-2F1C-42FD-8693-45EA32D3E09B}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBB29E67-2F1C-42FD-8693-45EA32D3E09B}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E28A5E16-0C46-430A-8D68-1DA8F41F8A43}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28A5E16-0C46-430A-8D68-1DA8F41F8A43}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4284CB7-5635-405C-BF61-F30C2AB0A243}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4284CB7-5635-405C-BF61-F30C2AB0A243}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully.
    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\ProgramData\TEMP => ":054203E4" ADS removed successfully..

    =========== EmptyTemp: ==========

    BITS transfer queue => 37365 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57702991 B
    Java, Flash, Steam htmlcache => 4885 B
    Windows/system/drivers => 2185377 B
    Edge => 227045403 B
    Chrome => 589486354 B
    Firefox => 160080087 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    LocalService => 19723976 B
    NetworkService => 464475211 B
    Joel => 46676351 B

    RecycleBin => 124859 B
    EmptyTemp: => 1.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 18:55:41 ====






    # AdwCleaner v6.000 - Logfile created 20/08/2016 at 07:53:59
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-08-19.1 [Server]
    # Operating System : Windows 10 Pro (X86)
    # Username : Joel - DELL-XPS410
    # Running from : C:\Users\Joel\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    [!] Service not deleted: {8454CB08-E1F0-4BB3-B611-A780048FE593}


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Joel\AppData\Roaming\DriverFinder
    [!] Folder not deleted: C:\Users\Joel\AppData\Roaming\DriverFinder
    [!] Folder not deleted: C:\Users\Joel\AppData\Roaming\DriverFinder
    [!] Folder not deleted: C:\Users\Joel\AppData\Roaming\DriverFinder
    [!] Folder not deleted: C:\Users\Joel\AppData\Roaming\DriverFinder
    [-] Folder deleted: C:\extensions


    ***** [ Files ] *****

    [!] File not deleted:


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [!] Key not deleted: HKU\S-1-5-21-763783208-265182315-1340191871-1001\Software\GreenTree Applications\YTD
    [!] Key not deleted: HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\GreenTree Applications\YTD
    [!] Key not deleted: HKCU\Software\GreenTree Applications\YTD
    [!] Key not deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1626 Bytes] - [20/08/2016 07:53:59]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1873 Bytes] - [19/08/2016 08:39:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1772 Bytes] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Pro x86
    Ran by Joel (Administrator) on Sat 08/20/2016 at 8:07:43.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 18

    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\ProgramData\Start Menu\Programs\mp3 rocket (Folder)
    Successfully deleted: C:\ProgramData\Start Menu\Programs\ytd video downloader (Folder)
    Successfully deleted: C:\ProgramData\ytd video downloader (Folder)
    Successfully deleted: C:\Users\Public\Desktop\ytd video downloader.lnk (Shortcut)
    Successfully deleted: C:\WINDOWS\System32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\Program Files\GUT25EC.tmp (File)
    Successfully deleted: C:\Program Files\GUTA226.tmp (File)
    Successfully deleted: C:\Program Files\mp3 rocket (Folder)
    Successfully deleted: C:\WINDOWS\prefetch\SPYBOTSD2-INSTALL-IEFREEZEFIX-60E23EF0.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\SPYBOTSD2-INSTALL-IEFREEZEFIX-625B4A33.pf (File)
    Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\ShipRush\ShipRush for FedEx - Ecommerce Edition.lnk (Shortcut)
    Successfully repaired: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShipRush\ShipRush for FedEx - Ecommerce Edition.lnk (Shortcut)
    Successfully repaired: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShipRush\ShipRush for FedEx Help.lnk (Shortcut)
    Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\ShipRush\ShipRush for FedEx Help.lnk (Shortcut)
    Successfully repaired: C:\ProgramData\Start Menu\Programs\ShipRush\ShipRush for FedEx - Ecommerce Edition.lnk (Shortcut)
    Successfully repaired: C:\ProgramData\Start Menu\Programs\ShipRush\ShipRush for FedEx Help.lnk (Shortcut)



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_0F9F0B6353EE033798AF90928A2DFDFC (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 08/20/2016 at 8:10:17.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Good deal

    Since you already have Malwarebytes Anti-Malware onboard, we'll update it and run a scan.

    • Open Malwarebytes Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings, go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


    ~~~

    What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
    The settings I suggest will also show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Emsisoft Emergency Kit

    Please download Emsisoft Emergency Kit and save it to your desktop.
    Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
    • Leave all settings as they are and click the Extract button at the bottom.
    • A folder named EEK will be created in the root of the drive (usually c:\).
    • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
    • Please click Yes so that it downloads the latest database updates.
    • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
    • Click on Scan to be taken to the scan options.
    • If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
    • Click on the Malware Scan button to start the scan.
    • When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.

    • Please save the log in Notepad on your desktop, and copy it to your next reply.
    • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.



    How is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Aug 2016
    Location
    Winston-Salem
    Posts
    8

    Juliet,

    Things are moving quicker now...thank you!

    Following are the MalwareBytes and Emsisoft logs.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/20/2016
    Scan Time: 10:08 AM
    Logfile: MalwareBytesScan.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.08.20.06
    Rootkit Database: v2016.08.15.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Joel

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 475418
    Time Elapsed: 1 hr, 29 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)




    Emsisoft Emergency Kit - Version 11.9
    Last update: 8/20/2016 7:28:16 PM
    User account: Dell-XPS410\Joel
    Computer name: DELL-XPS410
    OS version: Windows 10x86

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 8/20/2016 7:29:41 PM
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)

    Scanned 78352
    Found 2

    Scan end: 8/20/2016 7:38:21 PM
    Scan time: 0:08:40

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Things are moving quicker now
    Yea!

    One more tool, please

    • Download RogueKiller to your desktop.
      http://www.adlice.com/download/roguekiller/#download
      Go to the bottom of the page, right in front of the links.

    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and, when prompted, allow it to run.
    • Read and accept the EULA (End User License Agreement).
    • Click Scan to scan the system.
    • When the scan completes, close the program > Don't Fix anything!
    • Don't run any other options, they're not all bad!!
    • Post back the report which should be located on your desktop.

  7. #7
    Junior Member
    Join Date
    Aug 2016
    Location
    Winston-Salem
    Posts
    8

    As requested, the RogueKiller log. Looks like none of these scanners are fond of YTD Downloader made by GreenTree.


    RogueKiller V12.4.4.0 [Aug 16 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 32 bits version
    Started in : Normal mode
    User : Joel [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 08/21/2016 17:51:56

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} (C:\Users\Joel\AppData\Local\Google\Update\1.3.23.9\psuser.dll) -> Found
    [Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} (C:\Users\Joel\AppData\Local\Google\Update\1.3.26.9\psuser.dll) -> Found
    [Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} (C:\Users\Joel\AppData\Local\Google\Update\1.3.29.1\psuser.dll) -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} -> Found
    [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_A86D\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
    [PUM.Proxy] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:16110;https=127.0.0.1:16110 -> Found
    [PUM.HomePage] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.routerlogin.net/start.htm -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 2 ¤¤¤
    [Tr.Generic][File] C:\Windows\VPDAgent.exe -> Found
    [PUP][Folder] C:\Program Files\GreenTree Applications -> Found

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200AAKS-75SBA0 +++++
    --- User ---
    [MBR] e18cc7d1f8f23ebc3ffa48e0789b3ff3
    [BSP] d695b62de0375c538da31935cc823f13 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21100544 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 21305344 | Size: 294841 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Looks like none of these scanners are fond of YTD Downloader made by GreenTree
    If you feel it's ok to leave this on the computer, I'll leave that option up to you.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    ProxyServer: [S-1-5-21-763783208-265182315-1340191871-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    AutoConfigURL: [S-1-5-21-763783208-265182315-1340191871-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    ProxyServer: [S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
    AutoConfigURL: [S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    This should have us all fixed up, how's the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
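
RogueKiller's [PUM.Proxy] finding and the ProxyServer lines in the fixlist above concern the same per-user WinINET proxy value. As an added example (not part of either post, and not code from FRST or RogueKiller), this Python sketch parses registry lines in the layout the RogueKiller log uses and reports ProxyServer values that point at a loopback address; the function names and the assumed line layout are this example's own, and the sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Registry lines copied from the RogueKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:16110;https=127.0.0.1:16110 -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.routerlogin.net/start.htm -> Found
"""

# Layout assumed from the log: [tag] key [| value name : data] -> status
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>HKEY_.+?)"
    r"(?:\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?))?"
    r"\s+->\s+(?P<status>\S.*)$"
)

def proxy_endpoints(data):
    """Split a ProxyServer string ("host:port" or "scheme=host:port;...")."""
    endpoints = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        endpoints.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return endpoints

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False

def loopback_proxy_findings(log_text):
    """Return (sid, scheme, host, port) for each ProxyServer entry aimed at loopback."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or (m["name"] or "").lower() != "proxyserver":
            continue
        parts = m["key"].split("\\")
        sid = parts[1] if parts[0].upper() == "HKEY_USERS" and len(parts) > 1 else None
        findings += [(sid, s, h, p) for s, h, p in proxy_endpoints(m["data"]) if is_loopback(h)]
    return findings
```

A hit only shows that browser traffic is routed through a listener on the local machine; which program owns that port still has to be checked before the setting is judged unwanted.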

  9. #9
    Junior Member
    Join Date
    Aug 2016
    Location
    Winston-Salem
    Posts
    8

    Things are running nicely! Here's the Fixlog.txt.

    Fix result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
    Ran by Joel (23-08-2016 19:49:33) Run:2
    Running from C:\Users\Joel\Desktop
    Loaded Profiles: Joel & (Available Profiles: Joel)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    ProxyServer: [S-1-5-21-763783208-265182315-1340191871-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    AutoConfigURL: [S-1-5-21-763783208-265182315-1340191871-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    ProxyServer: [S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
    AutoConfigURL: [S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
    HKU\S-1-5-21-763783208-265182315-1340191871-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Resetting Interface, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 32768 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10623704 B
    Java, Flash, Steam htmlcache => 2316 B
    Windows/system/drivers => -76008 B
    Edge => 65039954 B
    Chrome => 90147838 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    LocalService => 19874402 B
    NetworkService => 0 B
    Joel => 47582578 B

    RecycleBin => 0 B
    EmptyTemp: => 222.4 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 19:53:09 ====

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Things are running nicely!
    yes!

    Honestly, I think we're done. If something was wrong you'd know it and I see no signs of anything left.

    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
    -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ************************************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
