Jump to content

lwayne14

Honorary Members
  • Posts

    24
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Aura Thank you for all your help...consider this case closed. Accomplished these tasks: 1. Ran DelFix...results below 2. Windows Updates were already automatic 3. Installed and ran Secunia...will try to keep programs up-to-date. 4. Installed Bitdefender 5. Installed MalwareBytes 6. Turned on Windows Firewall 7. Installed MalwareBytes Anti-Exploit 8. Installed uBlock Origin for Firefox Hope this will keep us out of trouble! Thanks again! # DelFix v1.013 - Logfile created 27/09/2016 at 18:49:49 # Updated 17/04/2016 by Xplode # Username : Kristina - KRISTINA-T420 # Operating System : Windows 10 Pro (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\Users\Kristina\Desktop\Addition.txt Deleted : C:\Users\Kristina\Desktop\Fixlog.txt Deleted : C:\Users\Kristina\Desktop\FRST.txt Deleted : C:\Users\Kristina\Desktop\FRST64.exe Deleted : C:\Users\Kristina\Desktop\Search.txt ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #1 [Windows Update | 09/23/2016 16:09:25] Deleted : RP #6 [Windows Modules Installer | 09/26/2016 15:06:25] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## Cheers!
  2. RansomNotes complete and cleaned. All five programs have been uninstalled. What now?
  3. I think I will just delete all of the encrypted files. None of them are particularly important. The RansomNote software is still running...it's about half way through the C:/ partition. What AntiVirus shields do you recommend I should be using?
  4. Yes...that's what it is. A setup folder for software installs.
  5. QuickBooks issue has been resolved! Up and running on 2017 version with no loss of data from the 2009 version. I will retry RansomNoteCleaner. So what are the next steps here?
  6. I was using QuickBooks 2009. Now we've downloaded QuickBooks 2017 and we're getting the same error message. Also, I tried your link for the Ransom Note Cleaner, and my antivirus says it's an infected link.
  7. I know you're busy, but I've identified the issue with QuickBooks is an inability to access .NET... I try to install .NET 3.5, and I keep being told "Access is denied". Could this be a virus issue? Thanks...
  8. Here goes... Farbar Recovery Scan Tool (x64) Version: 25-09-2016 Ran by Kristina (26-09-2016 12:53:38) Running from C:\Users\Kristina\Desktop Boot Mode: Normal ================== Search Files: "*.crypt" ============= C:\DelFix.txt.crypt [2014-11-16 22:08][2014-11-16 22:08] 0000692 ___RA () EBEDEE5C5E677E5762EA3134FF88B2DD [File not signed] C:\SWTOOLS\apps\BurnNowSD\Burn.Now 4.5.msi.crypt [2010-09-10 11:18][2010-05-11 08:49] 6112516 ___RA () 574AAAF7F505933C3DEE83BE07EC5D41 [File not signed] C:\SWTOOLS\apps\BurnNowSD\info.txt.crypt [2010-09-10 11:18][2009-02-24 13:18] 0000442 ___RA () BE2CA348C565ABF0E9613556D0919B5D [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0409\License.rtf.crypt [2010-09-10 11:18][2008-11-04 13:08] 0056525 ___RA () F22419C364BC672336D648E372540EBC [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0407\License.rtf.crypt [2010-09-10 11:18][2008-11-04 13:11] 0070209 ___RA () DD2187DA640BAACE8313385D64EE42C5 [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0404\License.rtf.crypt [2010-09-10 11:18][2008-11-04 13:10] 0130755 ___RA () 7CB3163C5A7C9839D0211764DA7D7FDD [File not signed] C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_Only\launcher\Launcher.xml.crypt [2010-09-10 11:18][2009-12-29 14:36] 0163170 ___RA () 2DC20829CA457A860D82CE45AB599EA1 [File not signed] C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_BN\launcher\Launcher.xml.crypt [2010-09-10 11:18][2009-12-29 14:13] 0163090 ___RA () 276E48F03E15E5B097A965EF5C8A0335 [File not signed] C:\SWTOOLS\apps\BurnNowSD\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\vcredist.msi.crypt [2010-09-10 11:18][2007-01-11 15:58] 2635012 ___RA () 731B3E786EAB2598B23EA96D6D805877 [File not signed] C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\InstallAdbeRdr940.cmd.crypt [2010-12-05 22:16][2010-12-05 21:49] 0000738 ___RA () 9ED5A83092E8F4E96B0DCB34CAB1BB08 [File not signed] C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\SetupMUI.cmd.crypt [2010-12-05 22:16][2010-12-05 21:44] 0000667 ___RA () 0E0019C760A68BDD4300510F1C9FB357 [File not signed] C:\SWTOOLS\antivirus\NORTONIS\ALL\MODULECUST\SETUP.CMD.crypt [2011-09-04 20:36][2011-09-04 20:26] 0000379 ___RA () 1527C9F22AFB4C8D432BD14D06B06CAF [File not signed] C:\mfg\SPEC.pdf.crypt [2010-02-24 02:03][2009-05-07 12:14] 0101165 ___RA () 5EAEB66C0F7D3670A751E204A080F16E [File not signed] C:\mfg\W7ADD64EN006.pdf.crypt [2010-02-24 02:03][2010-02-08 01:00] 0162137 ___RA () A3ADC91F8A0CC870D966AFEEE32901DB [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\README.HTM.crypt [2011-12-11 20:29][2010-03-26 11:22] 0002201 ___RA () D7C36455F72F77BB67ED2BC8BFE39788 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0002684 ___RA () 173D3EF032087F399567419E1448BE77 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\WordMUI.msi.crypt [2011-12-11 21:53][2010-03-30 17:47] 2522884 ___RA () D50F1D4CDA2A1EAD03413EE62142C892 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\WordMUI.xml.crypt [2011-12-11 21:53][2010-03-30 17:47] 0002060 ___RA () 4652CCFC902BFD913EB394DA04CB7B0C [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Updates\README.TXT.crypt [2011-12-11 20:29][2010-03-25 09:31] 0000335 ___RA () 9B5117D2B09F7396FB00FA4A31CC9B4A [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\PublisherMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 2514180 ___RA () A6444E9549D098186D96BAC6A7139DB2 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\PublisherMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001710 ___RA () 022791794122DED89BE5B795FCD6028B [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001868 ___RA () 7D9A968DA442CFD3EBAC73E492F916FB [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\config.xml.crypt [2011-12-11 20:29][2010-03-22 14:33] 0001173 ___RA () E8BA82B4B99D6998553C31FB1733C562 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\Office32WW.msi.crypt [2011-12-11 20:29][2010-03-30 12:10] 1992452 ___RA () 9CBC3214FBFD25A28F3E92DB6DC8D212 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\Office32WW.xml.crypt [2011-12-11 20:29][2010-03-30 12:13] 0004534 ___RA () 85F0A5FC9DAA3604940377554E4A638C [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\ProPlusWW.msi.crypt [2011-12-11 20:29][2010-03-30 17:51] 27196164 ___RA () 186B9E5D8E22D3F152632FFF55BB44AE [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\ProPlusWW.xml.crypt [2011-12-11 20:29][2010-03-30 17:52] 0017110 ___RA () 862FCCC18A81E2E03558F41998187265 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:52] 0030656 ___RA () D581B5BD1AE30C3015211E02DC34C25A [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proofing.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 0869124 ___RA () 07F815378EB951A89255A5BFDD636FF3 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proofing.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001071 ___RA () F3BEF02A14F6543905817410396BBA99 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0006144 ___RA () B6ED5078D4AB7AF4B15B19681F32F3CA [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\Proof.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 0886020 ___RA () D0F91133CADCBA66799DA7FAE01BC71B [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\Proof.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001718 ___RA () D110CAD57C063E0B50BF8111E3B8CFBC [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\Proof.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 0881412 ___RA () 4430BA03A9EC4A9E7D85362B232BE96F [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\Proof.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001717 ___RA () 6B3E92D24A3FAFC56DF7B8185F909324 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\Proof.msi.crypt [2011-12-11 20:29][2010-03-30 12:11] 0875780 ___RA () EF085659BAF4A436CE257018D08C7970 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\Proof.xml.crypt [2011-12-11 20:29][2010-03-30 12:14] 0001607 ___RA () 0EE3F66B1BFB51A25854F4C8EB821568 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\PowerPointMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 2503940 ___RA () 395D032F9133AF100A7B602C95CB6569 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\PowerPointMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001710 ___RA () 7A7063E643AFC72C67A776767CA45331 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0002146 ___RA () FBF72CBC0D117945D25E3D270CD9870A [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\OutlookMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 2865924 ___RA () 84C87CFDD3C91580D93CA5301669327C [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\OutlookMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0003446 ___RA () DEFAF0D934BEE0F2C389D0D89E5C7963 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0004467 ___RA () F3ABDAB929C5DDE607B6751304AAABE9 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\OneNoteMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 2503940 ___RA () CCE34A9A5116671CFA643E71A498A555 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\OneNoteMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001866 ___RA () 5B9E6A1936CBACC7524D3378251CCC8D [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0002248 ___RA () 8DDB7725FCEFAC0FE9C87FBD18258FB4 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\Office32MUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 0874244 ___RA () A1CF097664F3C53F0572344A488BCA50 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\Office32MUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001643 ___RA () 9E2401634B50A427AAC7E72316C93C30 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0002622 ___RA () 96853D81F947804AFC229E4E2A84807E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\branding.xml.crypt [2011-12-11 20:29][2010-03-27 17:14] 0596601 ___RA () CCD13EC2FF7BF72E83676D8DCE9A80C8 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 3702532 ___RA () 43FAB50EEEEA7E102BF12248082BFEAA [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0005817 ___RA () 25511E26A606356B7EAD6C09BAB00325 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUISet.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 0869124 ___RA () C534D3412C201933E1FF8A821B17AB45 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUISet.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001079 ___RA () 8F976AB82AEA6277A6742FBFD9B0FF18 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0009612 ___RA () 0DDB99E794B411CDF7D9F13F2F8DEADE [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\InfoPathMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:51] 3124484 ___RA () BD685071E032B03CDF146E8478490F95 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\InfoPathMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:51] 0001491 ___RA () F0434938DBDB72C1135F06E99551E1B3 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:51] 0002112 ___RA () 3796814AD45DA37DAB6BB8508C19EC5D [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\GrooveMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:51] 2508036 ___RA () C517E8D2C818AAEEE5A64859AE22CF8D [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\GrooveMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:51] 0001173 ___RA () B84D04E0ECBE6EB555F751F7B18F60D2 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:51] 0001712 ___RA () 6DB3A4987E5164D7775388FD1ADF8042 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\ExcelMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 2506500 ___RA () 7E9A533BB97A2E7586C39E17B1B3D3EB [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\ExcelMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001825 ___RA () 527BADC384A49E584C542EAAA409A483 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0002556 ___RA () B4A2F1869AF37166E89A64E047283270 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\AccessMUISet.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 0869124 ___RA () 83C12923843AE877410EB66B666B351B [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\AccessMUISet.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001079 ___RA () 0C7B05288E32825174B6313CEAB82E32 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\setup.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0002884 ___RA () C02E6741FD8EB464A8122399F5139E03 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\AccessMUI.msi.crypt [2011-12-11 20:29][2010-03-30 17:47] 2517764 ___RA () 7FE95E056E7BE061C898DB990317904D [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\AccessMUI.xml.crypt [2011-12-11 20:29][2010-03-30 17:47] 0001609 ___RA () DC07BA41FBFBCA9561D216D94A69A166 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\branding.xml.crypt [2011-12-11 20:29][2010-03-27 17:14] 0596601 ___RA () D9DB933925A9AE262726025C8FCFF45C [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\Adobe Photoshop Elements 10.msi.crypt [2011-12-12 04:04][2011-09-07 06:58] 30331140 ___RA () FBCF8203BD76F594590150398A4F42F9 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ols_config.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0001082 ___RA () FC6E1BE4F9290B4865C38868FB28D466 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ols_config_education.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0001227 ___RA () 0048BBBF2F60C85BD699669FA39688FD [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\resources\setup.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0000911 ___RA () 9D781EF9CF1173B6BA16747057ADFA23 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0178436 ___RA () EFC2F9E6776B1ED94EB1C243C4733F1F [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\Setup.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0001221 ___RA () 3A4830FE93517113CCA1C2C1CBFB6FD6 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\Assets1_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 0000438 ___RA () A7F2883EFEC45F05F60693BA7D783E3F [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 48D180EC1B82F067486BE59EA7CA18BA [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0010035 ___RA () 4B1B984ADA8A2A7983220668F215591C [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0025860 ___RA () B0C3AD250EDB4DF5195235A84D78C204 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\PSE10STIInstaller.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0005985 ___RA () 862B0EA545B412F6D29FB19590CB693D [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\PSE10STIInstaller.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0007566 ___RA () 369C795D71E4BEECC8E56524C7582DD3 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\Assets2_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 6755161 ___RA () 270DA48BE548B2FB7AB2945E17A5952D [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\CameraRawForElements6.4All-x64.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0006487 ___RA () AF002FEFF0B530EB09482968842F9816 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\CameraRawForElements6.4All-x64.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0009093 ___RA () B47A553981C4CBBBAE88667A10FA9061 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 8CE20D68EB0318BFCD2988E38EBFD841 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0013186 ___RA () 1CC647AA22D3A3F65F81B94F7661E1DE [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0029956 ___RA () 4602B7C828E8B85921B4DE12B0FE5166 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\Assets2_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 5824550 ___RA () 5A9AFADDFC100144326235AF32B59FEF [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\CameraRawForElements6.4All.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0006015 ___RA () 6585A504BD3A6C6EB419526818A31411 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\CameraRawForElements6.4All.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0009931 ___RA () C25051776F686827FC2F669F7740A890 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 0137B70B1D3CFEB06DA19415ED495073 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0013997 ___RA () 99DA64D6AC15EFA5880DCAC552D2EE69 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0029956 ___RA () 6AD348037C29C2EA825ADE7A52A1E37A [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0005992 ___RA () 4487243CBF0C7BD199C5F16C5FBF2860 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0012124 ___RA () 99B86844A6F0D0C8068FAC3905C54584 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\Assets2_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 1673792 ___RA () A7302562534EDADF61A87906C7E59D35 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0161028 ___RA () 3395BE147F5BE4E475D15137E9F733AD [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0023879 ___RA () AC43C2D18A3A060D923FED108563BEDE [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0044292 ___RA () 6343498D6ECAE63EDCE3FB8FD2515B09 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\AdobeHelp.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0003109 ___RA () CD006D0F19858D891F52E4C0B3276806 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0004587 ___RA () C884FA61CC3EFC23CE3CA4534A4791AC [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0020740 ___RA () 77B165118592917A46C2B6CE87939F29 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\6.4.071.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0002499 ___RA () 2C338CD68457BC8FDFE6074C2A635D2B [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\AdobeCameraRawProfile6.0All-190511105927.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0006322 ___RA () F2A6B903A262F290CA4CC7D5795308C6 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\AdobeCameraRawProfile6.0All-190511105927.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0008574 ___RA () D9ACA78064B9B89484D29FDFC3DF1365 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Assets1_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 0000447 ___RA () 7885D9922E766360CA14662409215222 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Assets2_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 28384064 ___RA () 9C32A63904E2ABCF8A0713E3873B6C65 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0283908 ___RA () 1017D501FB6760149E2DD560298459D4 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0012081 ___RA () F09100D7A59BBBF2D54896B9503E479F [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0026884 ___RA () C9A6C669F0E772DCF53C63AC611A11E2 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\AdobeCameraRawProfile6.0All.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0006261 ___RA () 8E37B7714F7099DF0B8E0AB3B0705BB6 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\AdobeCameraRawProfile6.0All.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0020928 ___RA () 24495D149F2222EF8CA3CAC717BF4111 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\Assets2_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 61721770 ___RA () [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0259332 ___RA () 931E795BF26115D7E8F577E99523C482 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0052142 ___RA () 33BA19BBA68A0F7C6CB33FC4BBAF5E6E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0082180 ___RA () 1F9487784CEB44EE9333508787F7EE51 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\AdobeAPE3.101-mul.boot.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0006614 ___RA () C49C7BCAE44F4754A0C9312E89879DB0 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\AdobeAPE3.101-mul.proxy.xml.crypt [2011-12-15 12:10][2011-09-07 06:59] 0016680 ___RA () 1EBF42384E44D006FDCB1B773C0D58B6 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\Assets1_1.zip.crypt [2011-12-15 12:10][2011-09-07 06:59] 9406057 ___RA () 979F967A0FED4F60FF2371A9F42700EA [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\Install.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 2ABBDA92047BED85BE653AF7AAD70C1A [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\media.sql.crypt [2011-12-15 12:10][2011-09-07 06:59] 0019724 ___RA () D957E1EF26C9D34E8AB75F5BDF3B7781 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\Media_db.db.crypt [2011-12-15 12:10][2011-09-07 06:59] 0033028 ___RA () 68CB3F39E1EE732EC57B613F3ADF33BD [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\PSE10STIInstaller.install.xml.crypt [2011-12-15 12:09][2011-09-07 06:59] 0000743 ___RA () CBD12E42F5426FD907A4C0770AE20937 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\PSE10STIInstaller.remove.xml.crypt [2011-12-15 12:09][2011-09-07 06:59] 0000829 ___RA () C52002698CBE6C248F84E1209963CF96 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsOrganizer\Elements 10 Organizer.msi.crypt [2011-12-15 12:09][2011-09-07 06:59] 25458948 ___RA () 7D09785E5971EC8E32734082FA20AA97 [File not signed] C:\IUware Online\Adobe Acrobat X\AcroPro.msi.crypt [2011-12-12 04:03][2010-10-25 18:48] 8297732 ___RA () B0BF2F7CBF3E4EAD972A07AC5453A254 [File not signed] C:\CertificationUtility\ca_certificate.cer.crypt [2012-01-03 17:03][2012-01-03 18:04] 0001218 ___RA () 9EDD94D6F46CB003F9A7151695657402 [File not signed] ====== End of Search ======
  9. Here are search results: Farbar Recovery Scan Tool (x64) Version: 25-09-2016 Ran by Kristina (26-09-2016 11:37:34) Running from C:\Users\Kristina\Desktop Boot Mode: Normal ================== Search Files: "!Recovery_*" ============= C:\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\Users\Kristina\Desktop\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\Users\Kristina\Desktop\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Recovery_394F0EC6F0AA.bmp [1899-12-30 00:00][1899-12-30 00:00] 1281654 ___AT () CFE7C7104C7C08B2597A0F4B0491ECE7 [File not signed] C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!Recovery_394F0EC6F0AA.bmp [1899-12-30 00:00][1899-12-30 00:00] 1281654 ___AT () 5A1EAE334A018920522A38B4AEBA90C5 [File not signed] C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0409\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0409\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0407\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0407\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0404\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\setupdir\0404\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_Only\launcher\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_Only\launcher\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_BN\launcher\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_BN\launcher\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\BurnNowSD\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\BurnNowSD\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\SWTOOLS\antivirus\NORTONIS\ALL\MODULECUST\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\SWTOOLS\antivirus\NORTONIS\ALL\MODULECUST\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\mfg\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\mfg\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Updates\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Updates\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\resources\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\resources\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsOrganizer\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Photoshop Elements 10\ElementsOrganizer\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\IUware Online\Adobe Acrobat X\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\IUware Online\Adobe Acrobat X\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] C:\CertificationUtility\!Recovery_394F0EC6F0AA.html [1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed] C:\CertificationUtility\!Recovery_394F0EC6F0AA.txt [1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed] ====== End of Search ======
  10. There are about 100 files with the !Recovery_39... prefix on the computer in various locations. They all have *.bmp, *.html, or *.txt extensions. There are no dates (of any type) associated with those files. Trying the Quickbooks update now...
  11. 1. Modification date on C:/DelFix.txt.crypt is 11/16/2014. 2. I found the Quickbooks database file. It appears to be un-encrypted. We are running an old version of Quickbooks. I will have my wife upgrade to the most recent version and see if we still have problems. 3. Yes, I was referring to those files specifically... 4. So I have no active viruses? What tools should I be using to prevent any future attacks? Thanks!
  12. I searched for *.cr* and only found one file: C:/DelFix.txt.crypt. I looked at the QuickBooks files and did not notice anything unusual...but I have to admit I'm not sure where and what to look for... You referred to the virus in the past tense...is there no active virus affecting the computer? Can I get rid of the remnants of the RansomWare virus you described? What else might be affecting Quickbooks? Thanks again for your help...
  13. Aura - Thank you again for your help! 1. I attempted to run your fixlist, but it puked on the zip command. I believe it was because the third file doesn't exist (C:\ProgramData\KGyGaAvL.sys). I searched for the file with File Manager and found nothing. SO, I commented out the zip command and re-ran the fixlist. Below you will see the fixlog contents. 2. After the fixlist ran, I manually zipped up the files you had in your zip command and added two additional files that were part of the reason why I believe ransomware is involved. You will see the file names are similar - I found copies of the two files on my wife's desktop. The Upload.zip file has been been uploaded to bleepingcomputer. 3. Two reasons I believe ransomware is involved. 1) The presence of the files in the Upload.zip archive. 2) My wife uses Quickbooks and apparently was asked recently to authorize an "update" that would "alter files" on her computer. She clicked "ok" and now she can't open Quickbooks. It just shows a generic Windows window with the message "Preparing to install". Please let me know what you think! Thanks so much for taking the time to help us... Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016 Ran by Kristina (25-09-2016 23:28:45) Run:2 Running from C:\Users\Kristina\Desktop Loaded Profiles: Kristina (Available Profiles: Kristina) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: ** Zip: C:\ProgramData\394F0EC6F0AA.html;C:\Users\Kristina\AppData\Local\keyfile3.drm;C:\ProgramData\KGyGaAvL.sys HKLM-x32\...\Run: [] => [X] Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File Task: {1B17C89B-680B-452F-91C4-0CADDBCBB380} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9} - System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsProgressBar Task: {2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {49177DEE-4498-4826-9ABD-8BF428E85522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {5241ED6F-A8F7-4ABB-A982-357C6FDA162C} - System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} => pcalua.exe -a C:\Users\Kristina\Desktop\mflpro\Data\Disk1\setup.exe -d C:\Users\Kristina\Desktop\mflpro\Data\Disk1 Task: {52F31410-8CD0-43DB-916A-2869FC1DC434} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {5586AD4B-9CAD-404D-8D94-2009439E5B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {5A374ABB-EFB6-4008-95A0-A80119052135} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {60B05D9F-4CB0-4BCC-84A4-25123956A84C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {624DAE63-EB7D-404B-9EB5-F31738568CB3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {6AF622B7-24CF-472A-A465-E05F6E2FCCC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {7373EA82-D937-4FC0-801D-AE566114B065} - System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} => pcalua.exe -a E:\DCP-8060\Data\Disk1\setup.exe -d E:\DCP-8060\Data\Disk1 Task: {83759810-2C14-48BB-8EB5-93A9BD9D1D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {959C9C84-4D61-4395-B104-70A543DF90C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {9D54BA26-46B1-4F3B-A6D8-195AE539AC5D} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {BA5B7B15-6280-463B-BEB5-4628F7135248} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {D24D30C0-8893-47FE-A6CA-BF8C50A3106D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {F175926B-D01D-4AF8-B6BD-9D2480F43387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {F3C28C7D-E871-4945-87EF-2033AF845CF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION C:\ProgramData\APN EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. ** Zip: C:\ProgramData\394F0EC6F0AA.html;C:\Users\Kristina\AppData\Local\keyfile3.drm;C:\ProgramData\KGyGaAvL.sys => Error: No automatic fix found for this entry. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully "HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B17C89B-680B-452F-91C4-0CADDBCBB380}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B17C89B-680B-452F-91C4-0CADDBCBB380}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9}" => key removed successfully C:\WINDOWS\System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49177DEE-4498-4826-9ABD-8BF428E85522}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49177DEE-4498-4826-9ABD-8BF428E85522}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5241ED6F-A8F7-4ABB-A982-357C6FDA162C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5241ED6F-A8F7-4ABB-A982-357C6FDA162C}" => key removed successfully C:\WINDOWS\System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4343919E-2492-488C-87C2-DD49906D36F3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52F31410-8CD0-43DB-916A-2869FC1DC434}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F31410-8CD0-43DB-916A-2869FC1DC434}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5586AD4B-9CAD-404D-8D94-2009439E5B78}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5586AD4B-9CAD-404D-8D94-2009439E5B78}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A374ABB-EFB6-4008-95A0-A80119052135}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A374ABB-EFB6-4008-95A0-A80119052135}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60B05D9F-4CB0-4BCC-84A4-25123956A84C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B05D9F-4CB0-4BCC-84A4-25123956A84C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{624DAE63-EB7D-404B-9EB5-F31738568CB3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{624DAE63-EB7D-404B-9EB5-F31738568CB3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AF622B7-24CF-472A-A465-E05F6E2FCCC2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AF622B7-24CF-472A-A465-E05F6E2FCCC2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7373EA82-D937-4FC0-801D-AE566114B065}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7373EA82-D937-4FC0-801D-AE566114B065}" => key removed successfully C:\WINDOWS\System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFB0B17E-0DA1-459F-821E-6656577C1FF7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83759810-2C14-48BB-8EB5-93A9BD9D1D8F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83759810-2C14-48BB-8EB5-93A9BD9D1D8F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{959C9C84-4D61-4395-B104-70A543DF90C4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{959C9C84-4D61-4395-B104-70A543DF90C4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D54BA26-46B1-4F3B-A6D8-195AE539AC5D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D54BA26-46B1-4F3B-A6D8-195AE539AC5D}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA5B7B15-6280-463B-BEB5-4628F7135248}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA5B7B15-6280-463B-BEB5-4628F7135248}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D24D30C0-8893-47FE-A6CA-BF8C50A3106D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24D30C0-8893-47FE-A6CA-BF8C50A3106D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F175926B-D01D-4AF8-B6BD-9D2480F43387}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F175926B-D01D-4AF8-B6BD-9D2480F43387}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3C28C7D-E871-4945-87EF-2033AF845CF0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3C28C7D-E871-4945-87EF-2033AF845CF0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully C:\ProgramData\APN => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 308208 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39941868 B Java, Flash, Steam htmlcache => 744 B Windows/system/drivers => 42097089 B Edge => 189260190 B Chrome => 10314368 B Firefox => 26174256 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 41866 B NetworkService => 13932 B Kristina => 69229842 B DefaultAppPool => 0 B RecycleBin => 1916651 B EmptyTemp: => 361.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 23:29:54 ====
  14. Yoan - Thank you so much for your help...here are the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016 Ran by Kristina (administrator) on KRISTINA-T420 (25-09-2016 11:10:53) Running from C:\Users\Kristina\Desktop Loaded Profiles: Kristina (Available Profiles: Kristina) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google Inc.) C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.82_none_5be7b69702339d1d\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Avast Software) C:\Program Files\AVAST Software\SZBrowser\launcher.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.101\SZBrowser_autoupdate.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation) Lsa: [Notification Packages] scecli ACGina ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-22] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{33822998-1efa-40f7-9663-5deb2279be4c}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{33822998-1efa-40f7-9663-5deb2279be4c}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{58548d9a-f585-45b7-a056-e2e8b885369a}: [NameServer] 212.247.156.66 212.247.156.70 Tcpip\..\Interfaces\{6c3d430a-bd8f-4faa-9648-adfe3ad99e78}: [DhcpNameServer] 96.24.14.12 75.94.255.12 Tcpip\..\Interfaces\{f2bd3f19-7256-40b7-b314-526868c45747}: [NameServer] 212.247.156.66 212.247.156.70 Internet Explorer: ================== HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS461 SearchScopes: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS461 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-22] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] () BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-01] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-22] (AVAST Software) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] () BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-01] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] () Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] () Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] () Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SYSTEM32\mscoree.dll [2016-07-16] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] () Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] () FireFox: ======== FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\a84o85uu.default FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-22] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-22] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-01] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 -> C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll [2009-02-24] (Skyhook Wireless) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3252455347-703174392-3648365992-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin HKU\S-1-5-21-3252455347-703174392-3648365992-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin HKU\S-1-5-21-3252455347-703174392-3648365992-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.) FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-22] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-22] FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-05] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-26] [not signed] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF Chrome: ======= CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default [2016-07-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-24] CHR HKU\S-1-5-21-3252455347-703174392-3648365992-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kristina\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-20] CHR HKU\S-1-5-21-3252455347-703174392-3648365992-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-22] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) S4 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.) S4 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.) S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.) S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-16] (SurfRight B.V.) S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed] S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S4 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation) S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed] S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation) S4 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] () S4 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated) S4 Tele2 Mobile Partner. RunOuc; C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe [218624 2015-02-02] () [File not signed] S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-22] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-22] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-22] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] () R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-16] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-24] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation) S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-08-07] (Synaptics Incorporated) R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U4 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-25 11:10 - 2016-09-25 11:10 - 00022943 _____ C:\Users\Kristina\Desktop\FRST.txt 2016-09-25 11:10 - 2016-09-25 11:10 - 00000000 ____D C:\FRST 2016-09-25 11:10 - 2016-09-25 11:07 - 02403328 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe 2016-09-24 18:36 - 2016-09-24 19:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-09-23 09:01 - 2016-09-23 09:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-09-23 08:58 - 2016-09-24 17:46 - 00000000 ____D C:\Users\Kristina\AppData\Local\ConnectedDevicesPlatform 2016-09-23 08:58 - 2016-09-23 08:58 - 00000020 ___SH C:\Users\Kristina\ntuser.ini 2016-09-23 07:23 - 2016-09-23 05:05 - 00000000 ___DC C:\WINDOWS\Panther 2016-09-23 07:18 - 2016-09-23 04:35 - 00000000 ____D C:\Windows.old 2016-09-23 07:17 - 2016-09-23 07:17 - 00000000 ____D C:\Program Files\CMAK 2016-09-23 07:17 - 2016-09-23 07:17 - 00000000 ____D C:\Program Files (x86)\CMAK 2016-09-23 07:16 - 2016-09-23 07:16 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-09-23 07:16 - 2016-09-23 07:16 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-09-23 07:16 - 2016-09-23 07:16 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-09-23 07:16 - 2016-09-23 07:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-09-23 07:16 - 2016-09-23 07:16 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-09-23 07:16 - 2016-09-23 07:16 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-09-23 07:16 - 2016-09-23 07:16 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-09-23 07:16 - 2016-09-23 07:16 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-09-23 07:16 - 2016-09-23 07:16 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-09-23 07:16 - 2016-09-23 07:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-09-23 07:16 - 2016-09-23 07:16 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-09-23 07:16 - 2016-09-23 07:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-09-23 07:16 - 2016-09-23 07:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-23 07:15 - 2016-09-23 07:15 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-23 07:15 - 2016-09-23 07:15 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-09-23 07:15 - 2016-09-23 07:15 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-09-23 07:15 - 2016-09-23 07:15 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-09-23 07:15 - 2016-09-23 07:15 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-09-23 07:15 - 2016-09-23 07:15 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-09-23 07:15 - 2016-09-23 07:15 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-09-23 07:15 - 2016-09-23 07:15 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-09-23 07:15 - 2016-09-23 07:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 2016-09-23 07:15 - 2016-09-23 07:15 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-09-23 07:15 - 2016-09-23 07:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-09-23 07:15 - 2016-09-23 07:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2016-09-23 07:10 - 2016-07-15 22:29 - 06225408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0027.dll 2016-09-23 07:10 - 2016-07-15 22:26 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0027.dll 2016-09-23 07:10 - 2016-07-15 22:25 - 01915392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll 2016-09-23 07:10 - 2016-07-15 21:45 - 06225408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0027.dll 2016-09-23 07:10 - 2016-07-15 21:42 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0027.dll 2016-09-23 07:10 - 2016-07-15 21:39 - 01868800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS2.dll 2016-09-23 07:09 - 2016-09-23 07:09 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-09-23 07:07 - 2016-09-23 07:07 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-09-23 05:07 - 2016-09-23 05:07 - 00000000 ____D C:\ProgramData\USOShared 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\My Documents 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-09-23 05:02 - 2016-09-23 05:04 - 00011433 _____ C:\WINDOWS\diagwrn.xml 2016-09-23 05:02 - 2016-09-23 05:04 - 00011433 _____ C:\WINDOWS\diagerr.xml 2016-09-23 04:55 - 2016-09-25 11:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-23 04:55 - 2016-09-23 04:55 - 00003534 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd 2016-09-23 04:55 - 2016-09-23 04:55 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-09-23 04:55 - 2016-09-23 04:55 - 00003434 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf 2016-09-23 04:55 - 2016-09-23 04:55 - 00003358 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1459357021 2016-09-23 04:55 - 2016-09-23 04:55 - 00003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A1CAD8F-6407-4F4C-A32D-30A2AB5907E6} 2016-09-23 04:55 - 2016-09-23 04:55 - 00003262 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a 2016-09-23 04:55 - 2016-09-23 04:55 - 00003206 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875 2016-09-23 04:55 - 2016-09-23 04:55 - 00003160 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-09-23 04:55 - 2016-09-23 04:55 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-09-23 04:55 - 2016-09-23 04:55 - 00002774 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Kristina-T420-Kristina 2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo 2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software 2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2016-09-23 04:55 - 2016-05-16 00:15 - 00004006 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA 2016-09-23 04:55 - 2016-05-16 00:15 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-09-23 04:55 - 2016-05-16 00:15 - 00003610 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d043c6c7a6c30c 2016-09-23 04:55 - 2016-05-16 00:15 - 00002988 _____ C:\WINDOWS\System32\Tasks\DiskUpdate 2016-09-23 04:55 - 2016-05-16 00:14 - 00004358 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask 2016-09-23 04:55 - 2016-05-16 00:14 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d043c6b825e05e 2016-09-23 04:55 - 2016-05-16 00:14 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-09-23 04:55 - 2016-05-16 00:14 - 00003618 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest 2016-09-23 04:55 - 2016-05-16 00:14 - 00003610 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core 2016-09-23 04:55 - 2016-05-16 00:14 - 00003558 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncher 2016-09-23 04:55 - 2016-05-16 00:14 - 00003546 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics 2016-09-23 04:55 - 2016-05-16 00:14 - 00003486 _____ C:\WINDOWS\System32\Tasks\MCP 2016-09-23 04:55 - 2016-05-16 00:14 - 00003362 _____ C:\WINDOWS\System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} 2016-09-23 04:55 - 2016-05-16 00:14 - 00003278 _____ C:\WINDOWS\System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} 2016-09-23 04:55 - 2016-05-16 00:14 - 00003192 _____ C:\WINDOWS\System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} 2016-09-23 04:55 - 2016-05-16 00:14 - 00003110 _____ C:\WINDOWS\System32\Tasks\PMTask 2016-09-23 04:55 - 2016-05-16 00:14 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements 2016-09-23 04:43 - 2016-09-23 04:43 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2016-09-23 04:35 - 2016-09-23 04:35 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2016-09-23 04:34 - 2016-09-23 04:46 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-09-23 04:32 - 2016-09-24 18:25 - 00000000 ____D C:\Users\Kristina 2016-09-23 04:32 - 2016-09-23 04:51 - 00000000 ____D C:\Users\DefaultAppPool 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\My Documents 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\Documents\My Videos 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\Documents\My Pictures 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\Documents\My Music 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures 2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music 2016-09-23 04:27 - 2016-09-23 04:35 - 00000000 ____D C:\Program Files\CONEXANT 2016-09-23 04:27 - 2016-09-23 04:27 - 00000410 _____ C:\WINDOWS\BRWMARK.INI 2016-09-23 04:27 - 2016-09-23 04:27 - 00000034 _____ C:\WINDOWS\SysWOW64\BD8060.DAT 2016-09-23 04:27 - 2016-09-23 04:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2016-09-23 04:27 - 2016-07-16 06:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-09-23 04:26 - 2016-09-23 04:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2016-09-23 04:26 - 2016-09-23 04:26 - 00000000 ____D C:\Program Files\Synaptics 2016-09-23 04:25 - 2016-09-24 18:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-23 04:25 - 2016-09-23 04:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-09-23 04:24 - 2016-09-24 17:39 - 00398480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-21 12:53 - 2016-09-21 12:53 - 02878185 _____ C:\Users\Kristina\Downloads\Prenup2008.pdf 2016-09-15 16:56 - 2016-09-15 16:56 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (5).xls 2016-09-15 16:41 - 2016-09-15 16:41 - 00010240 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (4).xls 2016-09-15 16:19 - 2016-09-15 16:19 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (3).xls 2016-09-15 16:15 - 2016-09-15 16:15 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (2).xls 2016-09-15 16:09 - 2016-09-15 16:09 - 00010240 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (1).xls 2016-09-15 15:57 - 2016-09-15 15:58 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT.xls 2016-09-14 15:13 - 2016-09-14 15:13 - 03393566 _____ C:\Users\Kristina\Downloads\NOM Motion to Modify judgment.pdf 2016-09-14 15:12 - 2016-09-14 15:13 - 03800786 _____ C:\Users\Kristina\Downloads\Motion to Modify Judgment signed.pdf 2016-09-09 12:22 - 2016-09-09 12:22 - 00406423 _____ C:\Users\Kristina\Downloads\compliance_certificate.pdf 2016-09-09 11:06 - 2016-09-09 11:06 - 00383367 _____ C:\Users\Kristina\Downloads\retrievedocument.pdf 2016-09-02 15:27 - 2016-09-02 15:27 - 00012764 _____ C:\Users\Kristina\Downloads\165.pdf 2016-09-02 15:24 - 2016-09-02 15:24 - 00014561 _____ C:\Users\Kristina\Downloads\166.pdf 2016-09-02 15:19 - 2016-09-02 15:19 - 00020757 _____ C:\Users\Kristina\Downloads\169.pdf 2016-09-02 15:19 - 2016-09-02 15:19 - 00020757 _____ C:\Users\Kristina\Downloads\169 (1).pdf 2016-09-02 15:18 - 2016-09-02 15:18 - 00048513 _____ C:\Users\Kristina\Downloads\168.pdf 2016-09-02 15:17 - 2016-09-02 15:17 - 00036145 _____ C:\Users\Kristina\Downloads\21F.pdf 2016-09-02 15:16 - 2016-09-02 15:16 - 00079526 _____ C:\Users\Kristina\Downloads\45B.pdf 2016-09-01 14:34 - 2016-09-01 14:34 - 04215871 _____ C:\Users\Kristina\Downloads\Petition for Dissolution of Marriage signed (1).pdf 2016-08-31 18:26 - 2016-08-31 18:26 - 00012635 _____ C:\Users\Kristina\Documents\EXHIBIT B for Prenuptial agreement Revised.pdf 2016-08-31 17:43 - 2016-08-31 17:43 - 03898009 _____ C:\Users\Kristina\Downloads\Petition for Temp Maintenance signed.pdf 2016-08-31 17:43 - 2016-08-31 17:43 - 03898009 _____ C:\Users\Kristina\Downloads\Petition for Temp Maintenance signed (1).pdf 2016-08-31 17:41 - 2016-08-31 17:43 - 03393182 _____ C:\Users\Kristina\Downloads\Re-NOM Pet for Temp Maintenance.pdf 2016-08-31 17:41 - 2016-08-31 17:41 - 03393182 _____ C:\Users\Kristina\Downloads\Re-NOM Pet for Temp Maintenance (1).pdf 2016-08-31 10:57 - 2016-08-31 10:57 - 02428482 _____ C:\Users\Kristina\Downloads\Summons.pdf 2016-08-31 10:54 - 2016-08-31 10:55 - 04218477 _____ C:\Users\Kristina\Downloads\Petition for Allocation of Parental Responsibilities signed.pdf 2016-08-31 10:48 - 2016-08-31 10:48 - 00022921 _____ C:\Users\Kristina\Downloads\REGULAR COPY DOC.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-25 11:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-24 20:03 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-09-24 19:24 - 2016-07-29 18:52 - 00961290 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-24 19:22 - 2012-12-14 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-24 18:56 - 2014-12-06 11:57 - 00000000 ____D C:\ProgramData\APN 2016-09-24 18:38 - 2014-06-23 12:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-24 18:31 - 2014-11-16 21:15 - 00000000 ____D C:\WINDOWS\CryptoGuard 2016-09-24 18:22 - 2014-12-04 21:48 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-24 18:22 - 2014-11-06 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-24 18:22 - 2014-06-23 12:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-24 17:57 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-24 17:35 - 2011-12-09 22:55 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Skype 2016-09-24 17:34 - 2011-12-22 17:54 - 00000000 ____D C:\Users\Kristina\Documents\Outlook Files 2016-09-24 07:35 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-24 04:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-09-23 13:39 - 2011-12-09 22:55 - 00000000 ____D C:\ProgramData\Skype 2016-09-23 11:12 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-23 11:00 - 2010-11-20 22:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-09-23 09:30 - 2011-12-27 19:04 - 00000000 ____D C:\Users\Kristina\Documents\A SOLO PRACTICE 2016-09-23 09:20 - 2016-07-30 22:37 - 00000000 ____D C:\Users\Kristina\AppData\Local\Packages 2016-09-23 09:11 - 2016-07-30 22:45 - 00002427 _____ C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-09-23 09:11 - 2016-07-30 22:45 - 00000000 ___RD C:\Users\Kristina\OneDrive 2016-09-23 08:59 - 2016-04-27 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-23 08:59 - 2011-12-09 21:07 - 00000000 ___RD C:\Users\Kristina\Virtual Machines 2016-09-23 07:23 - 2016-07-16 06:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-09-23 07:17 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-09-23 07:17 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-09-23 07:17 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-09-23 05:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-09-23 05:06 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-09-23 05:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-23 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-09-23 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration 2016-09-23 05:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-09-23 04:55 - 2016-07-29 19:14 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-09-23 04:55 - 2016-07-29 16:16 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd.job 2016-09-23 04:55 - 2016-07-29 16:16 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a.job 2016-09-23 04:54 - 2016-07-16 06:47 - 00000000 __RSD C:\WINDOWS\Media 2016-09-23 04:54 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-09-23 04:46 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-09-23 04:46 - 2016-05-30 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-09-23 04:46 - 2016-05-30 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-09-23 04:46 - 2016-04-27 01:21 - 00000000 ____D C:\WINDOWS\ShellNew 2016-09-23 04:46 - 2015-02-02 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tele2 Mobile Partner 2016-09-23 04:46 - 2014-12-06 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-23 04:46 - 2014-11-16 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT 2016-09-23 04:46 - 2014-11-16 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2016-09-23 04:46 - 2014-11-16 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-09-23 04:46 - 2013-09-20 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-09-23 04:46 - 2013-09-04 16:22 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-09-23 04:46 - 2013-09-04 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-09-23 04:46 - 2013-05-25 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2016-09-23 04:46 - 2012-06-27 16:42 - 00000000 ____D C:\WINDOWS\en 2016-09-23 04:46 - 2012-05-20 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-23 04:46 - 2011-12-22 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X3 2016-09-23 04:46 - 2011-12-22 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks 2016-09-23 04:46 - 2011-12-15 09:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2016-09-23 04:46 - 2011-12-12 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2016-09-23 04:46 - 2011-12-11 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2016-09-23 04:46 - 2011-12-11 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-09-23 04:46 - 2011-12-05 16:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2016-09-23 04:46 - 2011-12-05 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition 2016-09-23 04:46 - 2011-12-05 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel 2016-09-23 04:46 - 2011-12-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Wireless Display 2016-09-23 04:46 - 2011-12-05 16:00 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2016-09-23 04:46 - 2011-12-05 15:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-09-23 04:46 - 2011-12-05 15:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC 2016-09-23 04:43 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-23 04:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated 2016-09-23 04:37 - 2016-07-29 21:24 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\IME 2016-09-23 04:37 - 2012-03-15 16:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe 2016-09-23 04:37 - 2012-02-16 04:01 - 00000000 __SHD C:\WINDOWS\SysWOW64\%APPDATA% 2016-09-23 04:37 - 2011-12-09 20:36 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles 2016-09-23 04:36 - 2016-07-29 21:24 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\schemas 2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-09-23 04:36 - 2012-01-10 23:56 - 00000000 __SHD C:\WINDOWS\system32\%APPDATA% 2016-09-23 04:36 - 2011-12-11 18:23 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2016-09-23 04:35 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-09-23 04:35 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files\MSBuild 2016-09-23 04:35 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 __SHD C:\Program Files\Windows Sidebar 2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\System 2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-23 04:35 - 2015-12-26 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-09-23 04:35 - 2013-07-28 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2016-09-23 04:35 - 2013-02-02 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 2016-09-23 04:35 - 2011-12-27 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2016-09-23 04:35 - 2011-12-22 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clearwire 2016-09-23 04:35 - 2011-12-05 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2016-09-23 04:35 - 2011-12-05 15:59 - 00000000 ____D C:\Program Files (x86)\Lenovo 2016-09-23 04:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games 2016-09-23 04:31 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-09-23 04:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-09-23 04:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-09-23 04:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-23 03:33 - 2016-07-16 10:17 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-23 03:17 - 2016-07-29 16:12 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf.job 2016-09-22 16:17 - 2016-07-29 16:12 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875.job 2016-09-17 18:37 - 2011-12-27 19:17 - 00000000 ____D C:\Users\Kristina\Documents\Lisle's docs 2016-09-15 15:19 - 2012-05-20 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-15 15:19 - 2012-05-20 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-15 15:14 - 2013-07-18 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-15 15:08 - 2011-12-22 16:56 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-14 13:49 - 2011-12-27 19:18 - 00000000 ____D C:\Users\Kristina\Documents\MAMI 2016-09-07 11:32 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-07 11:32 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-06 08:41 - 2011-12-27 19:04 - 00000000 ____D C:\Users\Kristina\Documents\PASSWORDS 2016-08-29 16:52 - 2012-02-04 12:24 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2013-07-19 15:16 - 2013-07-19 15:16 - 0004096 ____H () C:\Users\Kristina\AppData\Local\keyfile3.drm 1601-03-12 08:17 - 1601-03-12 08:17 - 0014193 _____ () C:\ProgramData\394F0EC6F0AA.html 2012-04-03 19:56 - 2012-04-03 19:56 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys Some files in TEMP: ==================== C:\Users\Kristina\AppData\Local\Temp\dbfhide.exe C:\Users\Kristina\AppData\Local\Temp\dblgen10.dll C:\Users\Kristina\AppData\Local\Temp\dblib10.dll C:\Users\Kristina\AppData\Local\Temp\dbtool10.dll C:\Users\Kristina\AppData\Local\Temp\FsdRegistration.dll C:\Users\Kristina\AppData\Local\Temp\GDSBLMgr.dll C:\Users\Kristina\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll C:\Users\Kristina\AppData\Local\Temp\msvcp80.dll C:\Users\Kristina\AppData\Local\Temp\msvcr80.dll C:\Users\Kristina\AppData\Local\Temp\QBFirwal.dll C:\Users\Kristina\AppData\Local\Temp\qbinstal.dll C:\Users\Kristina\AppData\Local\Temp\QBNGEN.dll C:\Users\Kristina\AppData\Local\Temp\SMUnInstaller.dll C:\Users\Kristina\AppData\Local\Temp\stlport_r50.dll C:\Users\Kristina\AppData\Local\Temp\StopQBServer.dll C:\Users\Kristina\AppData\Local\Temp\UtilDBSetup.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-23 04:24 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016 Ran by Kristina (25-09-2016 11:13:16) Running from C:\Users\Kristina\Desktop Windows 10 Pro Version 1607 (X64) (2016-09-23 10:05:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3252455347-703174392-3648365992-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3252455347-703174392-3648365992-503 - Limited - Disabled) Guest (S-1-5-21-3252455347-703174392-3648365992-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3252455347-703174392-3648365992-1045 - Limited - Enabled) Kristina (S-1-5-21-3252455347-703174392-3648365992-1001 - Administrator - Enabled) => C:\Users\Kristina ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite DCP-8060 (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden CLEAR Connection Manager (HKLM\...\{077AA014-B568-4FF8-B360-9ACE1A1F4571}) (Version: 1.05.0035.0 - Clearwire) Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.890 - Corel Inc.) CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation) iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.) Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - ) Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.20.0001 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.) Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo) Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo) Loki ActiveX Control (HKLM-x32\...\Loki ActiveX Control) (Version: 3.1.0.05 - SkyhookWireless) Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - ) PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated) System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo) Tele2 Mobile Partner (HKLM-x32\...\Tele2 Mobile Partner) (Version: 21.005.11.03.56 - Huawei Technologies Co.,Ltd) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - ) ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.08 - Lenovo) Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign) Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel) Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel) Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo) Windows Driver Package - Ricoh Company SD Host Controller (03/23/2011 6.10.10.30) (HKLM\...\4534F449D55EE49DEE206B3D9A3B1811E1A495EA) (Version: 03/23/2011 6.10.10.30 - Ricoh Company) Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WordPerfect Office X3 (HKLM-x32\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation) WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {1B17C89B-680B-452F-91C4-0CADDBCBB380} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {20F5BDAB-542B-421F-986F-5F928B467A92} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9} - System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsProgressBar Task: {2679B763-4C6C-4935-AFB8-9C880D0790C5} - System32\Tasks\SafeZone scheduled Autoupdate 1459357021 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {26E818E4-2A42-437A-A76F-D33D836B1588} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {283809BF-2B4A-4793-9F94-25CD918A844A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {29F28F1E-D1F3-428D-BEAD-9F7A5536E253} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {31D1F3DF-7250-44C5-B80A-4417DC1FA2C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {49177DEE-4498-4826-9ABD-8BF428E85522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {50D24C46-0FB6-4982-88CE-9C6A64BCF01E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {5241ED6F-A8F7-4ABB-A982-357C6FDA162C} - System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} => pcalua.exe -a C:\Users\Kristina\Desktop\mflpro\Data\Disk1\setup.exe -d C:\Users\Kristina\Desktop\mflpro\Data\Disk1 Task: {52F31410-8CD0-43DB-916A-2869FC1DC434} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {5586AD4B-9CAD-404D-8D94-2009439E5B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {5A374ABB-EFB6-4008-95A0-A80119052135} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {60B05D9F-4CB0-4BCC-84A4-25123956A84C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {624DAE63-EB7D-404B-9EB5-F31738568CB3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {698CAB32-992C-4E9B-BF71-03266DA390BE} - System32\Tasks\GoogleUpdateTaskMachineCore1d043c6b825e05e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {6AF622B7-24CF-472A-A465-E05F6E2FCCC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {70CF4A51-46A8-4EA1-845F-C4895E86F3FA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {7373EA82-D937-4FC0-801D-AE566114B065} - System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} => pcalua.exe -a E:\DCP-8060\Data\Disk1\setup.exe -d E:\DCP-8060\Data\Disk1 Task: {81A678C4-AC1B-4FCB-A875-0908BB3BE611} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation) Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {83759810-2C14-48BB-8EB5-93A9BD9D1D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {848D18BF-5DD0-417B-B73D-A002E745686C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {8B93F8DA-092E-4145-B826-85FB71A14FA3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo) Task: {959C9C84-4D61-4395-B104-70A543DF90C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {990E91B8-1AC2-4878-8D6A-9C8CC45611A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {999CA0A6-E193-4623-A286-929739F3EA00} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-10-04] (Lenovo Group Limited) Task: {9D54BA26-46B1-4F3B-A6D8-195AE539AC5D} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {A04B3C43-AC19-47D6-BC16-40B0E45AD54E} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {B1AB13C3-8E5F-4C10-96B6-1923CF3A7177} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {B4F753FA-6029-42EF-AFAD-61CDD35CC1B5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.) Task: {B5A81A6F-8D53-4E41-BB44-E27338F065D2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software) Task: {BA5B7B15-6280-463B-BEB5-4628F7135248} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {C5922ACE-E33A-4577-ABF5-91B3A8F69D73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-22] (AVAST Software) Task: {C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {C98147E0-759C-47A3-8D98-0508362DCC03} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {CF92BB5E-1E72-437B-8528-16ABAF4F2FBA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d043c6c7a6c30c => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {D18FEA03-171D-48E3-BE80-632D5CCCB21B} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] () Task: {D24D30C0-8893-47FE-A6CA-BF8C50A3106D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {DE58F16A-1B6E-422C-A654-FC9C5220C863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {E9FCEC84-FEB4-4C2E-99E3-55A463C899F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {F1225876-BD16-424B-936F-AFC18D8810DD} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {F175926B-D01D-4AF8-B6BD-9D2480F43387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {F3C28C7D-E871-4945-87EF-2033AF845CF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {F4D368A6-7134-4FE2-B4CF-8A336F5657E8} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2011-09-08] (Lenovo Group Limited) Task: {FF53F7FC-1BE2-47FA-AB06-E2017EBE5349} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] () Task: {FFD98EE4-11A9-4092-BACB-5A9520286FF0} - System32\Tasks\AdobeAAMUpdater-1.0-Kristina-T420-Kristina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043c6b825e05e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d043c6c7a6c30c.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-23 09:10 - 2016-09-23 09:10 - 01864384 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-07-16 06:42 - 2016-07-16 06:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-09-23 07:15 - 2016-09-23 07:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 03378528 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2016-09-23 07:16 - 2016-09-23 07:16 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2016-04-27 01:24 - 2016-04-27 01:24 - 03342848 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\CallsCore.dll 2016-04-27 01:24 - 2016-04-27 01:24 - 00366592 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\CallsPresenters.dll 2016-08-26 10:22 - 2016-08-26 10:22 - 01413120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1608.2312.0_x64__8wekyb3d8bbwe\TimeBackground.dll 2016-09-23 09:39 - 2016-09-23 09:39 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-09-23 09:39 - 2016-09-23 09:39 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-09-22 13:41 - 2016-09-22 13:42 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11608.1001.49.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2016-05-22 18:23 - 2016-05-22 18:23 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-22 18:23 - 2016-05-22 18:23 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-09-24 17:34 - 2016-09-24 17:34 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092401\algo.dll 2016-09-25 11:06 - 2016-09-25 11:06 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092500\algo.dll 2016-05-22 18:23 - 2016-05-22 18:23 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-22 18:23 - 2016-05-22 18:23 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-09-23 09:03 - 2016-09-23 09:03 - 01383616 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll 2016-09-23 09:08 - 2016-09-23 09:08 - 00118976 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll 2016-03-28 10:37 - 2016-03-28 10:37 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123simsen.com -> www.123simsen.com There are 7865 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-11-06 22:16 - 00450770 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15460 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Landscapes\img33a.jpg DNS Servers: 208.67.222.222 - 208.67.220.220 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AcPrfMgrSvc => 2 MSCONFIG\Services: AcSvc => 2 MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: CACLEARWIRE => 3 MSCONFIG\Services: CLEARWIRERcAppSvc => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: CxAudMsg => 2 MSCONFIG\Services: DozeSvc => 3 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hmpalertsvc => 2 MSCONFIG\Services: HWDeviceService64.exe => 2 MSCONFIG\Services: HyperW7Svc => 2 MSCONFIG\Services: IBMPMSVC => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LENOVO.CAMMUTE => 2 MSCONFIG\Services: LENOVO.MICMUTE => 2 MSCONFIG\Services: LENOVO.TPKNRSVC => 2 MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MbaeSvc => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Power Manager DBC Service => 3 MSCONFIG\Services: PSI_SVC_2 => 2 MSCONFIG\Services: PwmEWSvc => 3 MSCONFIG\Services: QBCFMonitorService => 2 MSCONFIG\Services: QBFCService => 3 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: SMSI Device Launch Service => 2 MSCONFIG\Services: SROSVC => 2 MSCONFIG\Services: Tele2 Mobile Partner. RunOuc => 2 MSCONFIG\Services: TPHKLOAD => 2 MSCONFIG\Services: TPHKSVC => 2 MSCONFIG\Services: UleadBurningHelper => 2 MSCONFIG\Services: UMVPFSrv => 2 MSCONFIG\Services: UNS => 2 MSCONFIG\Services: VIPAppService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: Clearwire Connection Manager => "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe MSCONFIG\startupreg: Google Update => "C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HW_OPENEYE_OUC_Tele2 Mobile Partner => "C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe" MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TpShocks => TpShocks.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{1B5D37C1-6203-47AE-8662-AB9DB9FEB300}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{31A0CE8F-3885-435B-9B00-8DDEF7E7C50A}] => (Allow) LPort=2869 FirewallRules: [{9B7CEE8A-656D-495F-8C22-D626F8278744}] => (Allow) LPort=1900 FirewallRules: [{E48179FA-7D5A-48B2-AD6B-928916D72CD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{B078358F-B640-46BC-9884-FF16900760A8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{0873A673-51CB-44DD-A060-32F0C9110FBC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{67667AE6-821A-4890-9AD2-4D2A1CE9FB0A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{8B8AC8E7-6754-4F82-A32D-B404A24660AD}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{0F315D02-9776-47E3-B3EA-A0D36B71F780}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1C0059AF-6B88-42F9-B31F-3A566DAA5FD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BBBEAAD1-7778-4675-B6AD-3CC2D35B1386}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BF2F35CC-5175-4A76-B452-5BC280235265}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{94F710B8-0C93-43E3-A4CF-7E890BED632B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BF8F82B4-FCF6-4719-9D3D-03408F5660E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1188DC74-0BFE-4C59-B74B-0F36D443FE41}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 23-09-2016 11:09:25 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/24/2016 07:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420) Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXxat4m5y1bf9ghax409y1vwyatpqea4s8.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/24/2016 07:21:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420) Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/24/2016 07:21:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420) Description: Activation of app Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/24/2016 07:09:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420) Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXre20k58eaa822f0smszc2fbv5y0azn7k.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/24/2016 07:09:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420) Description: Activation of app Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe:App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/24/2016 06:36:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420) Description: Activation of app Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/23/2016 01:37:56 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY) Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction. Error: (09/23/2016 01:08:08 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks Pro 2009": QuickBooks has experienced a problem and must be shut down. Error: (09/23/2016 01:07:56 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks Pro 2009": DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1003 from function:'DBMgr::DBConnPool::init' Error: (09/23/2016 01:07:56 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks Pro 2009": Connection String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Law Offices of Kristina J. Wayne 12_27_2011.QBW;ENG=QB_data_engine_19;DBN=b7322c75f5b44af584e4eeba3444b541 System errors: ============= Error: (09/25/2016 11:10:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/25/2016 11:10:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. Error: (09/25/2016 11:09:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/25/2016 11:09:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. Error: (09/25/2016 11:09:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/25/2016 11:09:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the sppsvc service to connect. Error: (09/25/2016 11:05:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/25/2016 11:04:54 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY) Description: The password notification DLL ACGina failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898. Error: (09/24/2016 08:03:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (09/24/2016 08:03:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} CodeIntegrity: =================================== Date: 2016-09-25 11:14:45.026 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:12:52.227 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:12:14.864 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:10:37.369 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:10:36.207 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:10:36.196 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:10:36.188 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-25 11:07:32.938 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2016-09-24 18:23:27.786 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2016-09-24 17:51:09.403 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz Percentage of memory in use: 42% Total physical RAM: 3979.23 MB Available physical RAM: 2288.03 MB Total Virtual: 8075.23 MB Available Virtual: 6331.99 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:447.88 GB) (Free:277.78 GB) NTFS ==>[system with boot components (obtained from drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 53CCBDC7) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=447.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=808 MB) - (Type=27) Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.