Inactive Freezes, doesn't start, can't create backup or restore points, etc.

highwayone01

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by loriza (administrator) on LORIZA-PC (23-12-2016 01:27:41)
Running from C:\Users\loriza\Downloads
Loaded Profiles: loriza (Available Profiles: loriza & Jes & lori & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dell) C:\Users\loriza\AppData\Local\Apps\2.0\PM3ERMA6.CTP\ZWCGMAC3.8TJ\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\Run: [DellSystemDetect] => C:\Users\loriza\AppData\Local\Apps\2.0\PM3ERMA6.CTP\ZWCGMAC3.8TJ\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe [310728 2016-12-05] (Dell)
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0a3ea574-a397-460b-9e92-69cdf6848daa}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5517dfee-42d1-4a66-8dd9-287908231ee9}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_11&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtA0C0A0E0EzzyC0DyEtN0D0Tzu0StCyDtAyBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StByBtD0EtBtC0C0DtGyC0CyByDtGzzyCyCyEtGyBzztC0FtG0C0FyE0EtAyCtDtDtD0Azz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0EtA0B0A0BtCtGyC0A0B0DtGyEzy0EtBtG0AtByCyBtGyC0A0BzyyCtBtDyDtDyEtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D863685433%26a%3Dwbf_mdaffmarmarie_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_11&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtA0C0A0E0EzzyC0DyEtN0D0Tzu0StCyDtAyBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StByBtD0EtBtC0C0DtGyC0CyByDtGzzyCyCyEtGyBzztC0FtG0C0FyE0EtAyCtDtDtD0Azz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0EtA0B0A0BtCtGyC0A0B0DtGyEzy0EtBtG0AtByCyBtGyC0A0BzyyCtBtDyDtDyEtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D863685433%26a%3Dwbf_mdaffmarmarie_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_11&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtA0C0A0E0EzzyC0DyEtN0D0Tzu0StCyDtAyBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StByBtD0EtBtC0C0DtGyC0CyByDtGzzyCyCyEtGyBzztC0FtG0C0FyE0EtAyCtDtDtD0Azz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0EtA0B0A0BtCtGyC0A0B0DtGyEzy0EtBtG0AtByCyBtGyC0A0BzyyCtBtDyDtDyEtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D863685433%26a%3Dwbf_mdaffmarmarie_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> DefaultScope {7EA37319-9E94-47CA-BE8C-F0246D27EDA0} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {08A8ABB8-3DDD-47F5-B9CC-6041418135EA} URL = hxxp://search.avg.com/route/?d=4db3d4bf&v=6.103.18.1&I=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {7EA37319-9E94-47CA-BE8C-F0246D27EDA0} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {B5CE4609-6ECC-4B56-B6AA-FC068BF6E178} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-09] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
IE Session Restore: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> is enabled.
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1449261703165
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\loriza\AppData\Roaming\Mozilla\Firefox\Profiles\c4enke4u.default-1459449022379
FF NewTab: hxxp://search.searchinfast.com?uid=1b2ee9f7-0e98-43f8-a5e7-d9b192326e82&uc=20160727&ap=appfocus5&source=googledisplay&page=newtab&implementation_id=dm_0.2.1
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Extension: DownloadManager - C:\Users\loriza\AppData\Roaming\Mozilla\Firefox\Profiles\c4enke4u.default-1459449022379\Extensions\@DownloadManager.xpi [2016-07-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-15]
Chrome:
=======
CHR Profile: C:\Users\loriza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\loriza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\loriza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_4696e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S3 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [144008 2016-02-24] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_4696e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2016-09-28] (Microsoft Corporation)
R2 OneSyncSvc_4696e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4696e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8016240 2016-11-06] (Reimage®)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [258048 2010-06-17] (IDT, Inc.) [File not signed]
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-28] (Microsoft Corporation)
R3 UnistoreSvc_4696e; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_4696e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [83456 2016-09-28] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [568832 2016-09-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_4696e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_4696e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-02-07] (Emsisoft GmbH)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-07] (Emsisoft GmbH)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R1 GUBootStartup; C:\Windows\System32\Drivers\GUBootStartup.sys [20160 2015-09-28] (Glarysoft Ltd)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-09-28] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175616 2016-09-28] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 SCTDriverV1011; C:\Windows\system32\drivers\SCTDriverV1011.sys [261712 2010-11-09] (Jungo)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-11-02] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-21 00:33 - 2016-12-21 00:33 - 00000000 __SHD C:\found.001
2016-12-13 23:16 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 23:16 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 23:16 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 23:16 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 23:16 - 2016-12-09 01:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 23:16 - 2016-12-09 01:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 23:16 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 23:16 - 2016-12-09 01:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 23:16 - 2016-12-09 01:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 23:16 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 23:16 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 23:16 - 2016-12-09 01:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 23:16 - 2016-12-09 01:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 23:16 - 2016-12-09 01:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 23:16 - 2016-11-11 00:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-13 23:16 - 2016-11-11 00:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-13 23:16 - 2016-11-10 23:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-13 23:16 - 2016-11-10 23:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-13 23:16 - 2016-11-10 23:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-13 23:16 - 2016-11-10 23:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-13 23:16 - 2016-11-10 23:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-13 23:16 - 2016-11-10 23:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-13 23:16 - 2016-11-10 23:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-13 23:16 - 2016-11-10 23:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-13 23:16 - 2016-11-10 23:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-13 23:16 - 2016-11-10 23:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-13 23:16 - 2016-11-10 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-13 23:16 - 2016-11-10 23:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-13 23:16 - 2016-11-10 23:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-13 23:16 - 2016-11-10 23:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-13 23:16 - 2016-11-10 23:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-13 23:16 - 2016-11-10 23:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-13 23:16 - 2016-11-10 23:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-13 23:16 - 2016-11-10 23:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-13 23:16 - 2016-11-10 23:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-13 23:16 - 2016-11-10 23:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-13 23:16 - 2016-11-10 23:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-13 23:16 - 2016-11-10 23:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-13 23:16 - 2016-11-10 23:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-13 23:16 - 2016-11-10 23:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-13 23:16 - 2016-11-10 23:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-13 23:16 - 2016-11-10 23:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-13 23:16 - 2016-11-10 23:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-13 23:16 - 2016-11-10 23:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-13 23:16 - 2016-11-10 23:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-13 23:16 - 2016-11-10 23:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-13 23:16 - 2016-11-10 23:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-13 23:16 - 2016-11-10 23:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-13 23:16 - 2016-11-10 23:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-13 23:16 - 2016-11-10 23:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-13 23:16 - 2016-11-10 23:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-13 23:16 - 2016-11-10 23:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-13 23:15 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 23:15 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 23:15 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 23:15 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 23:15 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 23:15 - 2016-12-09 01:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 23:15 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 23:15 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 23:15 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 23:15 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 23:15 - 2016-12-09 01:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 23:15 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 23:15 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 23:15 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 23:15 - 2016-12-09 01:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 23:15 - 2016-12-09 01:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 23:15 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 23:15 - 2016-12-09 01:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 23:15 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 23:15 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 23:15 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 23:15 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 23:15 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 23:15 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 23:15 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 23:15 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 23:15 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 23:15 - 2016-11-11 00:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-13 23:15 - 2016-11-11 00:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-13 23:15 - 2016-11-11 00:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-13 23:15 - 2016-11-10 23:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-13 23:15 - 2016-11-10 23:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-13 23:15 - 2016-11-10 23:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-13 23:15 - 2016-11-10 23:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-13 23:15 - 2016-11-10 23:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-13 23:15 - 2016-11-10 23:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-13 23:15 - 2016-11-10 23:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-13 23:15 - 2016-11-10 23:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-13 23:15 - 2016-11-10 23:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-13 23:15 - 2016-11-10 23:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-13 23:15 - 2016-11-10 23:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-13 23:15 - 2016-11-10 23:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-13 23:15 - 2016-11-10 23:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-13 23:15 - 2016-11-10 23:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-13 23:15 - 2016-11-10 23:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-13 23:15 - 2016-11-10 23:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-13 23:15 - 2016-11-10 23:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-13 23:15 - 2016-11-10 23:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-13 23:15 - 2016-11-10 23:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-13 23:15 - 2016-11-10 23:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-13 23:15 - 2016-11-10 23:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-13 23:15 - 2016-11-10 23:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-13 23:15 - 2016-11-10 23:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-13 23:15 - 2016-11-10 23:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-13 23:15 - 2016-11-10 23:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-13 23:15 - 2016-11-10 23:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-13 23:15 - 2016-11-10 23:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-13 23:15 - 2016-11-10 23:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-13 23:15 - 2016-11-10 23:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-13 23:10 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) \system32\WindowsCodecs.dll
2016-12-13 23:10 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 23:10 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 23:10 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 23:10 - 2016-12-09 01:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 23:10 - 2016-12-09 01:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 23:10 - 2016-12-09 01:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 23:10 - 2016-12-09 01:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 23:10 - 2016-12-09 01:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 23:10 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 23:10 - 2016-12-09 01:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 23:10 - 2016-12-09 01:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 23:10 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 23:10 - 2016-12-09 01:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 23:10 - 2016-12-09 01:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 23:10 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 23:10 - 2016-12-09 01:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 23:10 - 2016-11-11 02:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-13 23:10 - 2016-11-11 02:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-13 23:10 - 2016-11-11 02:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-13 23:10 - 2016-11-11 02:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-13 23:10 - 2016-11-11 02:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-13 23:10 - 2016-11-11 02:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-13 23:10 - 2016-11-11 02:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-13 23:10 - 2016-11-11 02:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-13 23:10 - 2016-11-11 01:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-13 23:10 - 2016-11-11 01:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-13 23:10 - 2016-11-11 01:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-13 23:10 - 2016-11-11 01:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-13 23:10 - 2016-11-11 01:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-13 23:10 - 2016-11-11 01:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-13 23:10 - 2016-11-11 01:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-13 23:10 - 2016-11-11 01:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-13 23:10 - 2016-11-11 01:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-13 23:10 - 2016-11-11 01:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-13 23:10 - 2016-11-11 01:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-13 23:10 - 2016-11-11 01:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-13 23:10 - 2016-11-11 01:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-13 23:10 - 2016-11-11 01:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-13 23:10 - 2016-11-11 01:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-13 23:10 - 2016-11-11 01:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-13 23:10 - 2016-11-11 01:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-13 23:10 - 2016-11-11 01:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-13 23:10 - 2016-11-11 01:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-13 23:10 - 2016-11-11 01:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-13 23:10 - 2016-11-11 01:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-13 23:10 - 2016-11-11 01:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-13 23:10 - 2016-11-11 01:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-13 23:10 - 2016-11-11 01:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-13 23:10 - 2016-11-11 01:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-13 23:10 - 2016-11-11 01:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-13 23:10 - 2016-11-11 01:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-13 23:10 - 2016-11-11 01:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-13 23:10 - 2016-11-11 01:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-13 23:10 - 2016-11-11 01:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-13 23:10 - 2016-11-11 01:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-13 23:10 - 2016-11-11 01:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-13 23:10 - 2016-11-11 01:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-13 23:10 - 2016-11-11 01:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-13 23:10 - 2016-11-11 01:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-13 23:10 - 2016-11-11 01:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-13 23:10 - 2016-11-11 01:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-13 23:10 - 2016-11-11 01:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-13 23:10 - 2016-11-11 01:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-13 23:10 - 2016-11-11 01:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-13 23:10 - 2016-11-11 01:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-13 23:10 - 2016-11-11 01:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-13 23:10 - 2016-11-11 01:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-13 23:10 - 2016-11-11 01:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-13 23:09 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 23:09 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 23:09 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 23:09 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 23:09 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 23:09 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 23:09 - 2016-12-09 02:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 23:09 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 23:09 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 23:09 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 23:09 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 23:09 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 23:09 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 23:09 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 23:09 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 23:09 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 23:09 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 23:09 - 2016-12-09 02:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 23:09 - 2016-12-09 02:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 23:09 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 23:09 - 2016-12-09 02:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 23:09 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 23:09 - 2016-12-09 01:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 23:09 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 23:09 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 23:09 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 23:09 - 2016-12-09 01:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 23:09 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 23:09 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 23:09 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 23:09 - 2016-12-09 01:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 23:09 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 23:09 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 23:09 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 23:09 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 23:09 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 23:09 - 2016-12-09 01:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 23:09 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 23:09 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 23:09 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 23:09 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 23:09 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 23:09 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 23:09 - 2016-11-11 02:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-13 23:09 - 2016-11-11 02:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-13 23:09 - 2016-11-11 02:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-13 23:09 - 2016-11-11 02:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-13 23:09 - 2016-11-11 02:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-13 23:09 - 2016-11-11 02:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-13 23:09 - 2016-11-11 02:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-13 23:09 - 2016-11-11 02:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-13 23:09 - 2016-11-11 02:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-13 23:09 - 2016-11-11 02:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-13 23:09 - 2016-11-11 02:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-13 23:09 - 2016-11-11 01:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-13 23:09 - 2016-11-11 01:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-13 23:09 - 2016-11-11 01:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-13 23:09 - 2016-11-11 01:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-13 23:09 - 2016-11-11 01:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-13 23:09 - 2016-11-11 01:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-13 23:09 - 2016-11-11 01:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-13 23:09 - 2016-11-11 01:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-13 23:09 - 2016-11-11 01:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-13 23:09 - 2016-11-11 01:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-13 23:09 - 2016-11-11 01:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-13 23:09 - 2016-11-11 01:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-13 23:09 - 2016-11-11 01:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-13 23:09 - 2016-11-11 01:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-13 23:09 - 2016-11-11 01:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-13 23:09 - 2016-11-11 01:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-13 23:09 - 2016-11-11 01:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-13 23:09 - 2016-11-11 01:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-13 23:09 - 2016-11-11 01:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-13 23:09 - 2016-11-11 01:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-13 23:09 - 2016-11-11 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-13 23:09 - 2016-11-11 01:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-13 23:09 - 2016-11-11 01:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-13 23:09 - 2016-11-11 01:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-13 23:09 - 2016-11-11 01:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-13 23:09 - 2016-11-11 01:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-13 23:09 - 2016-11-11 01:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-13 23:09 - 2016-11-11 01:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-13 23:09 - 2016-11-11 01:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-13 23:09 - 2016-11-11 01:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-13 23:09 - 2016-11-11 01:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-13 23:09 - 2016-11-11 01:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-13 23:09 - 2016-11-11 01:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-13 23:09 - 2016-11-11 01:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-13 23:09 - 2016-11-11 01:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-13 23:09 - 2016-11-11 01:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-13 23:09 - 2016-11-11 01:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-13 23:09 - 2016-11-11 01:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-13 23:09 - 2016-11-11 01:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-13 23:09 - 2016-11-11 01:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-13 23:09 - 2016-11-11 01:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-13 23:08 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 23:08 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 23:08 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 23:08 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 23:08 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 23:08 - 2016-12-09 02:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 23:08 - 2016-12-09 01:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 23:08 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 23:08 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 23:08 - 2016-12-09 01:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 23:08 - 2016-12-09 01:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 23:08 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 23:08 - 2016-11-11 02:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-13 23:08 - 2016-11-11 02:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-13 23:08 - 2016-11-11 02:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-13 23:08 - 2016-11-11 01:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-13 23:08 - 2016-11-11 01:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-13 23:08 - 2016-11-11 01:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-13 23:08 - 2016-11-11 01:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-13 23:08 - 2016-11-11 01:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-13 23:08 - 2016-11-11 01:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-13 23:08 - 2016-11-11 01:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-13 23:08 - 2016-11-11 01:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-13 23:08 - 2016-11-11 01:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-13 23:08 - 2016-11-11 01:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-13 23:08 - 2016-11-11 01:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-13 23:08 - 2016-11-11 01:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-13 23:08 - 2016-11-11 01:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-13 23:08 - 2016-11-11 01:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-13 23:08 - 2016-11-11 01:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-13 23:08 - 2016-11-11 01:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-13 23:08 - 2016-11-11 01:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-06 00:54 - 2016-12-06 01:05 - 326305224 _____ (Microsoft Corporation) C:\Users\loriza\Downloads\Office_HS_2007_English_x32-1.exe
2016-12-06 00:53 - 2016-12-06 01:06 - 326305224 _____ (Microsoft Corporation) C:\Users\loriza\Downloads\Office_HS_2007_English_x32.exe
2016-12-05 22:54 - 2016-12-05 22:54 - 00000000 ____D C:\Users\loriza\AppData\Local\Deployment
2016-11-26 23:46 - 2016-11-26 23:46 - 05386008 _____ C:\Users\loriza\Downloads\susetup.exe
2016-11-26 23:43 - 2016-12-14 14:16 - 00000000 ____D C:\Users\loriza\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-23 01:27 - 2015-02-06 23:03 - 00022490 _____ C:\Users\loriza\Downloads\FRST.txt
2016-12-23 01:27 - 2015-02-05 11:28 - 02193920 _____ (Farbar) C:\Users\loriza\Downloads\FRST64.exe
2016-12-23 01:27 - 2014-10-31 22:31 - 00000000 ____D C:\FRST
2016-12-23 01:22 - 2016-09-28 21:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-23 01:14 - 2011-03-26 14:50 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-23 01:04 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-23 00:25 - 2011-06-29 22:49 - 00000000 ____D C:\Users\loriza\AppData\Roaming\SoftGrid Client
2016-12-23 00:07 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-21 16:29 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-21 16:29 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-21 16:29 - 2016-04-16 07:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-21 13:33 - 2015-05-12 18:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-21 13:31 - 2016-09-28 21:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-21 13:30 - 2016-09-28 21:23 - 00000000 ____D C:\Users\loriza
2016-12-21 13:30 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-21 00:23 - 2016-09-28 21:22 - 01716402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-20 19:03 - 2016-09-28 21:23 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2016-12-20 18:31 - 2016-09-28 21:18 - 00014420 _____ C:\WINDOWS\setupact.log
2016-12-16 18:17 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 17:56 - 2016-09-28 21:16 - 00401112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-16 12:27 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 23:52 - 2013-08-15 18:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 23:48 - 2011-07-02 19:54 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 22:45 - 2016-07-16 03:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-13 21:25 - 2016-07-25 11:22 - 00000000 ____D C:\Users\loriza\AppData\Local\Packages
2016-12-11 15:56 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:56 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-06 00:58 - 2013-12-15 14:27 - 234299824 _____ C:\Users\loriza\Downloads\OJ4500vG510g-m_Full_13_en.exe
2016-12-04 08:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-02 10:39 - 2016-11-15 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-02 10:39 - 2016-10-04 14:09 - 00005476 _____ C:\WINDOWS\PFRO.log
2016-12-02 10:39 - 2016-03-22 09:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-28 22:34 - 2013-12-15 16:22 - 00000000 ____D C:\Users\loriza\Documents\unclaimed property
2016-11-26 23:43 - 2015-09-28 12:31 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
==================== Files in the root of some directories =======
2014-05-09 23:04 - 2014-05-24 09:29 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-06-13 16:15 - 2015-02-08 22:38 - 0000000 _____ () C:\Users\loriza\AppData\Roaming\CIOSupport
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\Users\loriza\AppData\Roaming\Galactic Static
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\Users\loriza\AppData\Roaming\Galaxy Swirl
2016-07-11 07:59 - 2016-07-11 07:59 - 0000867 _____ () C:\Users\loriza\AppData\Local\recently-used.xbel
2012-04-03 11:27 - 2012-04-03 11:27 - 0000017 _____ () C:\Users\loriza\AppData\Local\resmon.resmoncfg
2016-11-04 11:14 - 2016-11-04 11:14 - 0000000 _____ () C:\Users\loriza\AppData\Local\rx_image32.Cache
2016-07-29 15:12 - 2016-07-29 15:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Bass Reduction
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Bundle
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Carbon
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\ProgramData\Grand Piano
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\ProgramData\Grapher
2013-12-21 22:08 - 2013-12-21 22:08 - 0000417 _____ () C:\ProgramData\hpzinstall.log
2011-06-13 16:22 - 2015-02-03 19:38 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-06-13 16:25 - 2011-06-13 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2011-06-13 16:15 - 2015-02-08 22:38 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Files to move or delete:
====================
C:\Users\loriza\SETUP.EXE

Some files in TEMP:
====================
C:\Users\loriza\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\loriza\AppData\Local\Temp\rk.exe
C:\Users\loriza\AppData\Local\Temp\scp4C4F.tmp.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-21 00:29
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by lori at 2015-02-15 02:15:55
Running from C:\Users\loriza\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced SystemCare 5 (HKLM-x32\...\Advanced SystemCare 5_is1) (Version: 5.2.0 - IObit)
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version: - AML SOFT, Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version: - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EmailStripper 2.2 (HKLM-x32\...\EmailStripper_is1) (Version: - PaperCut Software Pty Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Photo Explosion Deluxe 3.0 (HKLM-x32\...\{1034BE34-1569-4889-831D-C2C3F2CB2F73}) (Version: 3.0.1.5 - Nova Development)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickTime (HKLM-x32\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
System Checkup 3.1 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.1.0.37 - iolo technologies, LLC)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2015-01-17 10:42 - 00450836 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {04A88B20-C060-429C-8BA4-ACDB8E187F10} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {170E208A-73E5-479E-9882-A0EE89D11D89} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {24058B68-2F06-4041-A5E1-58F7A2192828} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: {29FAE714-33AC-49A1-8631-55671FEA43BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {32FBA843-DC76-4A44-8F61-B2EE50C9E86D} - System32\Tasks\SUPERAntiSpyware Scheduled Task f71a260a-b154-44be-b8c3-0c15962212cf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3BF0D639-2133-4278-BB24-FB203CF39299} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6BB47C70-38D2-49A8-86BB-7B8ED425D961} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {73B35DCC-F677-482B-880F-6E7D5ED66720} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {74EA9E59-9012-40E6-BD4B-A6B10EE1ECF8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {8079C95C-36D4-41F6-A1A7-8107E296500C} - System32\Tasks\{2C79EBA4-A801-43E9-BFBA-2B0FC7667EDE} => pcalua.exe -a "D:\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" -d "D:\Oberon Media\Bejeweled 2 Deluxe"
Task: {8540A48E-FA15-4ED1-9E1C-C76BF42F2041} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {896F741F-F274-49E6-B7E6-46CA2E4BB28B} - System32\Tasks\{8E3C8836-0D6C-4E5D-9CCD-54FC7C7C1A1E} => C:\Users\loriza\Desktop\New folder (4)\VALUEADD\MSFT\USMT\SCANSTATE.EXE [2001-08-23] (Microsoft Corporation)
Task: {89746ACB-1E93-4257-8F2D-B380A0FF4784} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8CFFD43F-4DA1-4A78-BA93-A6AEDB0ACD5E} - System32\Tasks\{527855A0-6210-4E53-9F58-73EDD9BC80BD} => C:\Users\loriza\Desktop\New folder (4)\VALUEADD\MSFT\USMT\SCANSTATE.EXE [2001-08-23] (Microsoft Corporation)
Task: {9CACAC9C-CAD6-424C-B9AA-C747708ACFB7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {AEA82F52-404E-47F0-9AB1-D027BC85F8FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {B21A1423-6824-40CB-B7FE-1BE5B3C113F1} - System32\Tasks\SUPERAntiSpyware Scheduled Task 09fa3fbf-2c42-43a2-bce8-ccf3c8713520 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CFE2711D-34D9-4771-AD56-530286465B3B} - System32\Tasks\{0AEC5B87-C828-4CBE-BB92-77294816B574} => pcalua.exe -a C:\Users\loriza\Downloads\HijackThis.exe -d C:\Users\loriza\Downloads
Task: {D14B283E-0074-4CDA-AC11-F4265E7E23C4} - System32\Tasks\{57CFF256-5EC7-409D-A10C-6A4AC90954E9} => pcalua.exe -a D:\OJ4500vG510g-m_Full_13_en.exe -d D:\
Task: {D827CA40-0F68-41AF-A375-A0A72BB79751} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {E490FC15-B2CD-42D9-BCB6-6A79C62279E8} - System32\Tasks\{FF2F81BF-2DA7-4AA9-A303-17D9A7CF8178} => pcalua.exe -a "C:\Users\loriza\Downloads\emailstripper-installer (1).exe" -d C:\Users\loriza\Desktop
Task: {E71E2B4E-2DFB-4E44-A294-442580B6250E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {EBDC112C-F2D6-4772-BFFF-55BCD4A06490} - System32\Tasks\{6DDFDDB8-DA66-4243-A057-0705885E7C8F} => pcalua.exe -a D:\setup.EXE -d D:\ -c /AUTORUN
Task: {EFE3C952-3259-4F1B-9E82-8319C5130D2D} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: {FC179A76-641A-437A-9109-15E964852C8F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 09fa3fbf-2c42-43a2-bce8-ccf3c8713520.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f71a260a-b154-44be-b8c3-0c15962212cf.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
==================== Loaded Modules (whitelisted) ==============
2014-01-20 13:02 - 2011-11-10 22:43 - 00155480 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll
2010-03-05 06:21 - 2010-03-05 06:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-03-05 06:21 - 2010-03-05 06:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-11-17 07:35 - 2010-11-17 07:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-01-20 13:02 - 2011-04-21 16:54 - 00347024 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\madExcept_.bpl
2014-01-20 13:02 - 2011-04-21 16:54 - 00179088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\madBasic_.bpl
2014-01-20 13:02 - 2011-04-21 16:54 - 00046480 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\madDisAsm_.bpl
2015-01-17 09:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-17 09:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-17 09:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-17 09:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-17 09:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-03-26 15:48 - 2010-08-11 15:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-03-26 15:48 - 2010-08-11 15:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-03-26 15:48 - 2010-08-11 15:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-08-16 02:47 - 2014-08-16 02:47 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\16b6ac2f10565cd734d5bbeff760c842\IsdiInterop.ni.dll
2011-03-26 15:00 - 2010-06-08 07:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-11-24 19:44 - 2010-11-24 19:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2007-01-08 17:39 - 2007-01-08 17:39 - 00026184 _____ () C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uvipl.dll
2007-01-08 17:27 - 2007-01-08 17:27 - 00025672 _____ () C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\cpuinf32.dll
2007-01-08 17:40 - 2007-01-08 17:40 - 00566856 _____ () C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uviplA6.DLL
2014-04-03 13:57 - 2014-06-05 20:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:C46995DA
AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\loriza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3246205657-874441744-2172450925-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\loriza wixx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3246205657-874441744-2172450925-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Jes\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3246205657-874441744-2172450925-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\lori\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-3246205657-874441744-2172450925-500 - Administrator - Disabled)
Guest (S-1-5-21-3246205657-874441744-2172450925-501 - Limited - Disabled)
Jes (S-1-5-21-3246205657-874441744-2172450925-1006 - Limited - Enabled) => C:\Users\Jes
lori (S-1-5-21-3246205657-874441744-2172450925-1008 - Administrator - Enabled) => C:\Users\lori
loriza (S-1-5-21-3246205657-874441744-2172450925-1001 - Limited - Enabled) => C:\Users\loriza
loriza wixx (S-1-5-21-3246205657-874441744-2172450925-1003 - Limited - Enabled) => C:\Users\loriza wixx
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2015 01:55:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/15/2015 01:04:10 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/13/2015 02:54:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/13/2015 02:53:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/13/2015 00:31:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/13/2015 00:31:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/13/2015 00:29:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PanUI.exe, version: 13.2.0.3, time stamp: 0x4b913daa
Faulting module name: PanUI.exe, version: 13.2.0.3, time stamp: 0x4b913daa
Exception code: 0xc000000d
Fault offset: 0x00000000000bde04
Faulting process id: 0x1610
Faulting application start time: 0xPanUI.exe0
Faulting application path: PanUI.exe1
Faulting module path: PanUI.exe2
Report Id: PanUI.exe3
Error: (02/13/2015 00:19:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/13/2015 00:19:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/13/2015 00:18:43 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...

System errors:
=============
Error: (02/14/2015 11:39:30 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (02/13/2015 08:38:22 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (02/13/2015 01:27:15 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (02/13/2015 01:08:58 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (02/12/2015 11:55:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (02/12/2015 11:54:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/12/2015 06:52:45 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (02/12/2015 06:45:16 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (02/12/2015 06:30:21 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (02/12/2015 06:22:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Microsoft Office Sessions:
=========================
Error: (02/15/2015 01:55:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\loriza\Downloads\esetsmartinstaller_enu.exe
Error: (02/15/2015 01:04:10 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/13/2015 02:54:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (02/13/2015 02:53:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (02/13/2015 00:31:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (02/13/2015 00:31:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (02/13/2015 00:29:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PanUI.exe13.2.0.34b913daaPanUI.exe13.2.0.34b913daac000000d00000000000bde04161001d04765e5edce59C:\Program Files\Intel\WiFi\bin\PanUI.exeC:\Program Files\Intel\WiFi\bin\PanUI.exe6d00e218-b35a-11e4-9469-b6c7807da8fa
Error: (02/13/2015 00:19:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (02/13/2015 00:19:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (02/13/2015 00:18:43 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 53%
Total physical RAM: 5942.68 MB
Available physical RAM: 2742.61 MB
Total Pagefile: 11883.55 MB
Available Pagefile: 7445.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:506.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.83 GB) (Free:3.59 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 59E62B41)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Already installed:
2.0 Threat Scan
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator (https://www.techspot.com/guides/1718-run-as-administrator-explained/)
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
So, I have tried to run RogueKiller several times. It runs for about 12 minutes, detecting 54 items. After checking processes and folders up to the windows\sysWow64\ folder, the program closes abruptly. When I reopen RogueKiller to scan again, I notice the "driver loaded" is not on for the second scan. I do get a message saying Malware detected, Windows Defender removing it during the scan of windows\system64. The second scan closes abruptly a bit sooner than the first.
RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : loriza [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan Aborted -- Date : 12/26/2016 07:53:55 (Duration : 00:00:49)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
 
I am providing 2 logs, Malwarebytes, before and after.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/26/16
Scan Time: 9:42 AM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.864
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LORIZA-PC\loriza
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 576472
Time Elapsed: 11 min, 26 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 53
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1317], [332494],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1317], [332494],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1317], [332494],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1317], [327206],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1317], [327205],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1317], [327205],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1317], [327205],1.0.864
PUP.Optional.Reimage, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1317], [327205],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1317], [327193],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1317], [327193],1.0.864
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimCleaner Plus (Scheduled Scan - loriza), Quarantined, [1657], [334109],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4BDFADD9-7AEE-498C-8F93-4CC46DC0B36B}, Quarantined, [1226], [258706],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A7F62B70-713F-49B4-9879-AA22BE77D3A6}, Quarantined, [1226], [258707],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System Healer Task, Quarantined, [1226], [252787],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AF837327-9AB4-4885-BD69-5EC81321B1B7}, Quarantined, [1226], [258706],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4779A68-E7A7-4644-9D97-90ED594443E5}, Quarantined, [1226], [258707],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System HealerPeriod, Quarantined, [1226], [252787],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D72EBF9C-D92F-47D3-B18F-7E5E69400457}, Quarantined, [1226], [258706],1.0.864
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F98D2934-A0D1-4B92-B338-1B9EBC5F16ED}, Quarantined, [1657], [334102],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System HealerStartUp, Quarantined, [1226], [252787],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Monitor, Quarantined, [1226], [252788],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1317], [336077],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Run Delay, Quarantined, [1226], [252788],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\SYSTEM HEALER, Quarantined, [1226], [252826],1.0.864
PUP.Optional.AshampooRegistryCleaner, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\AML\Registry Cleaner, Quarantined, [2705], [354941],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\SYSTEM HEALER, Quarantined, [1226], [252826],1.0.864
PUP.Optional.AshampooRegistryCleaner, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\AML\Registry Cleaner, Quarantined, [2705], [354941],1.0.864
PUP.Optional.SearchManager.ChrPRST, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, Quarantined, [14626], [260810],1.0.864
Adware.NowUSeeIt, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\NowUSeeItPlayer, Quarantined, [17545], [251334],1.0.864
PUP.Optional.InstallCore, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\csastats, Quarantined, [8], [260986],1.0.864
PUP.Optional.ProductSetup, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\PRODUCTSETUP, Quarantined, [16943], [242047],1.0.864
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1317], [327193],1.0.864
PUP.Optional.SearchManager.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, Quarantined, [14626], [259286],1.0.864
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES? INC.\DriverApp, Delete-on-Reboot, [1207], [341522],1.0.864
PUP.Optional.DriverUpdate, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [1207], [341521],1.0.864
PUP.Optional.SlimCleanerPlus, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\SLIMWARE UTILITIES INC\SlimCleaner Plus, Quarantined, [1657], [340171],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1006\SOFTWARE\SYSTEM HEALER, Quarantined, [1226], [252826],1.0.864
PUP.Optional.SearchManager.ChrPRST, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, Quarantined, [14626], [260810],1.0.864
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f, Quarantined, [580], [336950],1.0.864
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f, Quarantined, [580], [336950],1.0.864
PUP.Optional.Reimage, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1317], [327204],1.0.864
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\UNDEFINED, Quarantined, [1356], [334354],1.0.864
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [1207], [338931],1.0.864
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\SlimCleaner Plus, Quarantined, [1657], [338932],1.0.864
Registry Value: 21
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4BDFADD9-7AEE-498C-8F93-4CC46DC0B36B}|PATH, Quarantined, [1226], [258706],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A7F62B70-713F-49B4-9879-AA22BE77D3A6}|PATH, Quarantined, [1226], [258707],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AF837327-9AB4-4885-BD69-5EC81321B1B7}|PATH, Quarantined, [1226], [258706],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4779A68-E7A7-4644-9D97-90ED594443E5}|PATH, Quarantined, [1226], [258707],1.0.864
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D72EBF9C-D92F-47D3-B18F-7E5E69400457}|PATH, Quarantined, [1226], [258706],1.0.864
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F98D2934-A0D1-4B92-B338-1B9EBC5F16ED}|PATH, Quarantined, [1657], [334102],1.0.864
PUP.Optional.VulnerableDellSystemDetect, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELLSYSTEMDETECT, Quarantined, [17556], [251680],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Quarantined, [1226], [252826],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [1226], [261796],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1001\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Quarantined, [1226], [252826],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Quarantined, [1226], [252826],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [1226], [261796],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Quarantined, [1226], [252826],1.0.864
PUP.Optional.ProductSetup, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [16943], [242047],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1006\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Quarantined, [1226], [252826],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1006\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [1226], [261796],1.0.864
PUP.Optional.SystemHealer, HKU\S-1-5-21-3246205657-874441744-2172450925-1006\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Quarantined, [1226], [252826],1.0.864
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|DESCRIPTION, Quarantined, [580], [336950],1.0.864
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|DESCRIPTION, Quarantined, [580], [336950],1.0.864
PUP.Optional.Reimage, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1317], [327204],1.0.864
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-3246205657-874441744-2172450925-1008\SOFTWARE\UNDEFINED|FLASHPLAYERPRO [1].EXE, Quarantined, [1356], [334354],1.0.864
Data Stream: 0
(No malicious items detected)
Folder: 33
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\WL, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\USERS\LORI\APPDATA\ROAMING\System Healer, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\PROGRAM FILES (X86)\SystemHealer, Quarantined, [1226], [182463],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\USERS\LORIZA\APPDATA\LOCAL\SlimWare Utilities Inc\DriverUpdate, Quarantined, [1207], [341510],1.0.864
PUP.Optional.SlimCleanerPlus, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SlimCleanerPlus, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SlimCleanerPlus, C:\USERS\LORIZA\APPDATA\LOCAL\SlimWare Utilities Inc\SlimCleaner Plus, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SystemHealer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM HEALER, Quarantined, [1226], [181295],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\chrome, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\common, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\external, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\fonts, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\_metadata, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\USERS\LORI\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\BAHKLJHHDECIIAODLKPPOONAPPFNHEOI, Quarantined, [14626], [182129],1.0.864
Adware.NowUSeeIt, C:\USERS\LORIZA\APPDATA\LOCAL\NOWUSEEITPLAYER, Quarantined, [17545], [251333],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\META-INF, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\chrome, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\USERS\JES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D2KRI8NS.DEFAULT\EXTENSIONS\_5ZMEMBERS_@WWW.COUPONXPLORER.COM, Quarantined, [343], [302304],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\USERS\LORI\APPDATA\LOCAL\{3200045C-16A8-68E4-7B30-4D0C5F58B194}, Quarantined, [116], [302717],1.0.864
PUP.Optional.MindSpark, C:\USERS\JES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D2KRI8NS.DEFAULT\CouponXplorer_5z, Quarantined, [343], [240302],1.0.864
File: 209
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Danish.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Dutch.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\English.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\French.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\German.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Italian.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Norwegian.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Parameters.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Portuguese.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Spanish.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\Languages\Swedish.xml, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\CallBanner.png, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\Users\lori\AppData\Roaming\System Healer\FinishedScan.png, Quarantined, [1226], [181294],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\{7E790447-0C78-0B04-0A11-7F790409110C}, Quarantined, [1226], [-1],0.0.0
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\HealerCheckout.exe, Quarantined, [1226], [182463],1.0.864
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\HealerConsole.exe, Quarantined, [1226], [182463],1.0.864
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\RescueMonitor.exe, Quarantined, [1226], [182463],1.0.864
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SHShellExtension.dll, Quarantined, [1226], [182463],1.0.864
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SystemHealer.exe, Quarantined, [1226], [182463],1.0.864
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SystemHealer.ini, Quarantined, [1226], [182463],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-10-28 20-34-12 0.log, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-10-28 20-34-28 0.log, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-10-28 20-36-56 0.log, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-11-01 08-39-02 0.log, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-11-02 10-41-17 0.log, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-11-04 08-39-01 0.log, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, Quarantined, [1207], [341510],1.0.864
PUP.Optional.DriverUpdate, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, Quarantined, [1207], [341510],1.0.864
PUP.Optional.SlimCleanerPlus, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SlimCleanerPlus, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage-journal, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SlimCleanerPlus, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\cookiefilter.db, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SlimCleanerPlus, C:\Users\loriza\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\settings, Quarantined, [1657], [340170],1.0.864
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\Launch System Healer.lnk, Quarantined, [1226], [181295],1.0.864
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\System Healer on the Web.url, Quarantined, [1226], [181295],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\chrome\common.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\chrome\lifecycle.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\chrome\settings.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\chrome\setup.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\chrome\utils.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\common\conf-sys.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\common\conf.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\common\prefs-sys.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\common\prefs.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\common\settings-dev.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external\jquery-2.1.1.min.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external\md5.min.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external\spectrum.css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external\spectrum.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external\string.min.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\external\underscore-min.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\AutoSuggest.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\contentscript.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\newtab-base.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\search-engines.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\search-form.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\search-images.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\search\search-redirect.js, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\background.html, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\content\newtab.html, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\css\newtab.css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\css\search.css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\css\search2.css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\css\styles.css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\external\normalize.css, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\fonts\HelveticaNeue-Thin.otf, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\fonts\neue-bold.woff, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\fonts\neue.woff, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\01d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\01n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\02d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\02n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\03d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\03n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\04d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\04n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\09d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\09n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\10d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\10n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\11d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\11n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\13d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\13n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\50d.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\weather\50n.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\128.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\16.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\icons\48.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\bg.jpg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\bing.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\bluesky-bg.jpg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\brush.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\clock.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\cloud.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\cupcake-bg.jpg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\desk-bg.jpg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\doodle.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\down.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\google.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\mountain-bg.jpg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\sea-bg.jpg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\yahoo.png, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\skin\images\yahoo.svg, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\_metadata\verified_contents.json, Quarantined, [14626], [182129],1.0.864
PUP.Optional.SearchManager.ChrPRST, C:\Users\lori\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.17_0\manifest.json, Quarantined, [14626], [182129],1.0.864
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarantined, [116], [254335],1.0.864
PUP.Optional.MindSpark.Generic, C:\USERS\JES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D2KRI8NS.DEFAULT\PREFS.JS, Replaced, [1049], [319354],1.0.864
PUP.Optional.WinYahoo, C:\USERS\LORI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGL6NLO1.DEFAULT-1420413239925\PREFS.JS, Replaced, [116], [303324],1.0.864
PUP.Optional.Reimage, C:\USERS\LORIZA\APPDATA\LOCAL\TEMP\REIMAGE.LOG, Quarantined, [1317], [334717],1.0.864
PUP.Optional.Slimware, C:\USERS\LORIZA\APPDATA\LOCAL\TEMP\SCP4C4F.TMP.EXE, Quarantined, [1932], [338168],1.0.864
PUP.Optional.SystemHealer, C:\USERS\PUBLIC\DESKTOP\LAUNCH SYSTEM HEALER.LNK, Quarantined, [1226], [252782],1.0.864
PUP.Optional.Reimage, C:\USERS\LORIZA\APPDATA\LOCAL\TEMP\~NSU.TMP\BU_.EXE, Quarantined, [1317], [327181],1.0.864
PUP.Optional.Reimage, C:\USERS\LORIZA\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE, Quarantined, [1317], [331559],1.0.864
PUP.Optional.InstallCore, C:\USERS\LORI\DOWNLOADS\FLASHPLAYERPRO [1].EXE, Quarantined, [8], [121962],1.0.864
PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGE.LOG, Quarantined, [1317], [334717],1.0.864
PUP.Optional.Reimage, C:\USERS\LORI\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [1317], [331559],1.0.864
PUP.Optional.DriverDetective, C:\USERS\LORIZA\DOWNLOADS\DRIVERDETECTIVE.EXE, Quarantined, [1878], [335971],1.0.864
 
PUP.Optional.TweakBit.Generic, C:\USERS\LORIZA\DOWNLOADS\FIX_WINDOWS%20UPDATE-SETUP.EXE, Quarantined, [2454], [349180],1.0.864
PUP.Optional.TweakBit.Generic, C:\USERS\LORIZA\DOWNLOADS\FIX_WINDOWS%20UPDATE-SETUP(1).EXE, Quarantined, [2454], [349180],1.0.864
PUP.Optional.TweakBit.Generic, C:\USERS\LORIZA\DOWNLOADS\FIX-MY-PC-SETUP.EXE, Quarantined, [2454], [349180],1.0.864
PUP.Optional.BundleInstaller, C:\USERS\LORIZA\DOWNLOADS\FLASHPLAYERPRO.EXE, Quarantined, [38], [18947],1.0.864
PUP.Optional.Reimage, C:\USERS\LORIZA\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [1317], [331559],1.0.864
PUP.Optional.OpenCandy, C:\USERS\LORIZA\DOWNLOADS\KEYFINDERINSTALLER.EXE, Quarantined, [645], [123245],1.0.864
PUP.Optional.DriverUpdate, C:\USERS\LORIZA\DOWNLOADS\DRIVERUPDATE-SETUP.EXE, Quarantined, [1207], [331447],1.0.864
Adware.NowUSeeIt, C:\USERS\LORIZA\APPDATA\LOCAL\NOWUSEEITPLAYER\NOWUSEEITPLAYER.DAT, Quarantined, [17545], [251333],1.0.864
Adware.NowUSeeIt, C:\Users\loriza\AppData\Local\NowUSeeItPlayer\NowUSeeItPlayer.cfg, Quarantined, [17545], [251333],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\System Healer Task, Quarantined, [1226], [252783],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\System HealerPeriod, Quarantined, [1226], [252783],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\System HealerStartUp, Quarantined, [1226], [252783],1.0.864
PUP.Optional.SpeedItUp, C:\WINDOWS\REIMAGE.INI, Quarantined, [1421], [329423],1.0.864
PUP.Optional.MindSpark, C:\USERS\JES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D2KRI8NS.DEFAULT\EXTENSIONS\_5ZMEMBERS_@WWW.COUPONXPLORER.COM\INSTALL.RDF, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\chrome\ffxtbr.jar, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\META-INF\manifest.mf, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\META-INF\mozilla.rsa, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\META-INF\mozilla.sf, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\bootstrap.js, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\chrome.manifest, Quarantined, [343], [302304],1.0.864
PUP.Optional.MindSpark, C:\Users\Jes\AppData\Roaming\Mozilla\Firefox\Profiles\d2kri8ns.default\extensions\_5zMembers_@www.couponxplorer.com\chrome.manifest.restartless, Quarantined, [343], [302304],1.0.864
PUP.Optional.WinYahoo, C:\USERS\LORI\APPDATA\LOCAL\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\chromium-min.jpg, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\control panel-min-min.JPG, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\down.png, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\ff menu.JPG, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\ff search engine-min.png, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\hp-min ff.png, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\hp-min ie.png, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\search engine.gif, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\setup pages.gif, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\sp-min.png, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\start-min.jpg, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\HowToRemove\up.png, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\config.dat, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\info.dat, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\install.log, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\nafi, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\Sqlite3.dll, Quarantined, [116], [302717],1.0.864
PUP.Optional.WinYahoo, C:\Users\lori\AppData\Local\{3200045C-16A8-68E4-7B30-4D0C5F58B194}\uninst.dat, Quarantined, [116], [302717],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\TASKS\SYSTEM HEALERSTARTUP.JOB, Quarantined, [1226], [252785],1.0.864
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\SYSTEM32\TASKS\SlimCleaner Plus (Scheduled Scan - loriza), Quarantined, [1657], [334098],1.0.864
PUP.Optional.WinYahoo, C:\USERS\LORI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGL6NLO1.DEFAULT-1420413239925\SEARCHPLUGINS\SEARCH PROVIDED BY YAHOO.XML, Quarantined, [116], [302449],1.0.864
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\TASKS\SLIMCLEANER PLUS (SCHEDULED SCAN - LORIZA).JOB, Quarantined, [1657], [331621],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\TASKS\SYSTEM HEALERPERIOD.JOB, Quarantined, [1226], [252785],1.0.864
PUP.Optional.MindSpark, C:\USERS\JES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D2KRI8NS.DEFAULT\CouponXplorer_5z\2298693A-113F-43B6-95F1-8AD1C30F094E.sqlite, Quarantined, [343], [240302],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\SystemHealer Monitor, Quarantined, [1226], [252784],1.0.864
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\SystemHealer Run Delay, Quarantined, [1226], [252784],1.0.864
Physical Sector: 0
(No malicious items detected)

(end)
 
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/28/16
Scan Time: 10:58 AM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.878
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LORIZA-PC\loriza
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 577003
Time Elapsed: 10 min, 22 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
# AdwCleaner v6.041 - Logfile created 26/12/2016 at 19:30:46
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-26.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : loriza - LORIZA-PC
# Running from : C:\Users\loriza\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[-] Service deleted: swdumon
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\Avg_Update_0814tb
[-] Folder deleted: C:\Users\loriza\AppData\Local\iWin
[-] Folder deleted: C:\Users\loriza\AppData\Local\slimware utilities inc
[-] Folder deleted: C:\Users\loriza\AppData\Local\YSearchUtil
[#] Folder deleted on reboot: C:\Users\loriza\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\loriza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pogo Games
[-] Folder deleted: C:\Users\lori\AppData\Local\iWin
[-] Folder deleted: C:\ProgramData\iWin
[-] Folder deleted: C:\ProgramData\iwin games
[#] Folder deleted on reboot: C:\ProgramData\Application Data\iWin
[#] Folder deleted on reboot: C:\ProgramData\Application Data\iwin games
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\iwin games
***** [ Files ] *****
[-] File deleted: C:\WINDOWS\SysNative\reimage.rep
[-] File deleted: C:\WINDOWS\SysNative\drivers\swdumon.sys
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: updateTask
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Software\reimagerepair
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Software\PogoDGC
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1006\Software\PogoDGC
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1008\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1008\Software\reimagerepair
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1008\Software\PogoDGC
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\reimagerepair
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\PogoDGC
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\PogoDGC
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\reimagerepair
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\PogoDGC
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: [x64] HKLM\SOFTWARE\PogoDGC
[-] Key deleted: [x64] HKLM\SOFTWARE\WISECLEANER
[-] Key deleted: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Software\Microsoft\Internet Explorer\SearchScopes\{08A8ABB8-3DDD-47F5-B9CC-6041418135EA}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{08A8ABB8-3DDD-47F5-B9CC-6041418135EA}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{08A8ABB8-3DDD-47F5-B9CC-6041418135EA}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\downspeedtest.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\funpopulargames.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\downspeedtest.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\funpopulargames.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
***** [ Web browsers ] *****
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://hp.myway.com/couponxplorer/ttab02/index.html?coId=a5650951ca484e5f8d9d34274ae7d968&subId=couponpitstop-2&ln=en&n=782af59c&ptb=2298693A-113F-43B6-95F1-8AD1C30F094E&st=tab&p2=%5EAFA%5Exdm109%5ETTAB02%5Eus&si=couponpitstop-2"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" - "Search Provided by Yahoo"
[-] Chrome preferences cleaned: "browser.search.defaultenginename" - "Search Provided by Yahoo"
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [8405 Bytes] - [26/12/2016 19:30:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [3820 Bytes] - [17/01/2015 09:27:18]
C:\AdwCleaner\AdwCleaner[R1].txt - [1472 Bytes] - [17/01/2015 09:32:53]
C:\AdwCleaner\AdwCleaner[R2].txt - [1592 Bytes] - [17/01/2015 09:37:54]
C:\AdwCleaner\AdwCleaner[R3].txt - [1652 Bytes] - [17/01/2015 09:44:38]
C:\AdwCleaner\AdwCleaner[R4].txt - [1712 Bytes] - [17/01/2015 09:51:06]
C:\AdwCleaner\AdwCleaner[R5].txt - [1775 Bytes] - [05/02/2015 17:19:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [3998 Bytes] - [17/01/2015 09:29:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1588 Bytes] - [17/01/2015 09:35:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [8874 Bytes] - [26/12/2016 18:22:52]
C:\AdwCleaner\AdwCleaner[S7].txt - [2276 Bytes] - [02/12/2015 19:27:30]
C:\AdwCleaner\AdwCleaner[S8].txt - [2157 Bytes] - [02/12/2015 22:21:06]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9281 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by loriza (Administrator) on Mon 12/26/2016 at 20:23:54.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1
Successfully deleted: C:\WINDOWS\SysWOW64\shoD47.tmp (File)
Deleted the following from C:\Users\loriza\AppData\Roaming\Mozilla\Firefox\Profiles\c4enke4u.default-1459449022379\prefs.js
user_pref(browser.newtab.url, hxxp://search.searchinfast.com?uid=1b2ee9f7-0e98-43f8-a5e7-d9b192326e82&uc=20160727&ap=appfocus5&source=googledisplay&page=newtab&implementati
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/26/2016 at 20:28:25.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.041 - Logfile created 28/12/2016 at 11:24:09
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-26.3 [Local]
# Operating System : Windows 10 Home (X64)
# Username : loriza - LORIZA-PC
# Running from : C:\Users\loriza\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [9436 Bytes] - [26/12/2016 19:30:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [3820 Bytes] - [17/01/2015 09:27:18]
C:\AdwCleaner\AdwCleaner[R1].txt - [1472 Bytes] - [17/01/2015 09:32:53]
C:\AdwCleaner\AdwCleaner[R2].txt - [1592 Bytes] - [17/01/2015 09:37:54]
C:\AdwCleaner\AdwCleaner[R3].txt - [1652 Bytes] - [17/01/2015 09:44:38]
C:\AdwCleaner\AdwCleaner[R4].txt - [1712 Bytes] - [17/01/2015 09:51:06]
C:\AdwCleaner\AdwCleaner[R5].txt - [1775 Bytes] - [05/02/2015 17:19:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [3998 Bytes] - [17/01/2015 09:29:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1588 Bytes] - [17/01/2015 09:35:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [8874 Bytes] - [26/12/2016 18:22:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [2014 Bytes] - [26/12/2016 20:12:52]
C:\AdwCleaner\AdwCleaner[S6].txt - [1789 Bytes] - [28/12/2016 11:24:09]
C:\AdwCleaner\AdwCleaner[S7].txt - [2276 Bytes] - [02/12/2015 19:27:30]
C:\AdwCleaner\AdwCleaner[S8].txt - [2157 Bytes] - [02/12/2015 22:21:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2008 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by loriza (Administrator) on Wed 12/28/2016 at 12:53:54.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0


Registry: 0


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/28/2016 at 12:58:05.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
See if you can run RogueKiller now.
If not then...

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by loriza (administrator) on LORIZA-PC (29-12-2016 20:55:38)
Running from C:\Users\loriza\Downloads
Loaded Profiles: loriza (Available Profiles: loriza & Jes & lori & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0a3ea574-a397-460b-9e92-69cdf6848daa}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5517dfee-42d1-4a66-8dd9-287908231ee9}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131272010246096384&GUID=1ABE7358-8B1B-2B25-76A2-A1CD8DC1C838
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131272010250787160&GUID=1ABE7358-8B1B-2B25-76A2-A1CD8DC1C838
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131272010247171604&GUID=1ABE7358-8B1B-2B25-76A2-A1CD8DC1C838
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> DefaultScope {7EA37319-9E94-47CA-BE8C-F0246D27EDA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {7EA37319-9E94-47CA-BE8C-F0246D27EDA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> {B5CE4609-6ECC-4B56-B6AA-FC068BF6E178} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-28] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3246205657-874441744-2172450925-1001 -> is enabled.
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1449261703165
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-09-15] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\loriza\AppData\Roaming\Mozilla\Firefox\Profiles\c4enke4u.default-1459449022379
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Extension: DownloadManager - C:\Users\loriza\AppData\Roaming\Mozilla\Firefox\Profiles\c4enke4u.default-1459449022379\Extensions\@DownloadManager.xpi [2016-07-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-15]
Chrome:
=======
CHR Profile: C:\Users\loriza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\loriza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\loriza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_4ada1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S3 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [144008 2016-02-24] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_4ada1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2016-09-28] (Microsoft Corporation)
R2 OneSyncSvc_4ada1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4ada1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [258048 2010-06-17] (IDT, Inc.) [File not signed]
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-28] (Microsoft Corporation)
R3 UnistoreSvc_4ada1; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_4ada1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [83456 2016-09-28] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [568832 2016-09-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_4ada1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_4ada1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-02-07] (Emsisoft GmbH)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-07] (Emsisoft GmbH)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 GUBootStartup; C:\Windows\System32\Drivers\GUBootStartup.sys [20160 2015-09-28] (Glarysoft Ltd)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-09-28] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-29] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175616 2016-09-28] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 SCTDriverV1011; C:\Windows\system32\drivers\SCTDriverV1011.sys [261712 2010-11-09] (Jungo)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-28] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-29 20:48 - 2016-12-29 20:49 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-12-29 20:42 - 2016-12-29 20:47 - 180828568 _____ C:\Users\loriza\Desktop\Dell_Backup_and_Recovery_1.9.0.22.exe
2016-12-28 14:04 - 2016-12-28 14:05 - 00737344 _____ (Oracle Corporation) C:\Users\loriza\Downloads\JavaSetup8u111.exe
2016-12-28 12:18 - 2016-12-28 12:19 - 00000000 ____D C:\Users\loriza\Desktop\New folder (5)
2016-12-26 20:28 - 2016-12-28 12:58 - 00000556 _____ C:\Users\loriza\Desktop\JRT.txt
2016-12-26 20:11 - 2016-12-26 20:23 - 01663040 _____ (Malwarebytes) C:\Users\loriza\Downloads\JRT (1).exe
2016-12-26 18:17 - 2016-12-26 20:03 - 03977168 _____ C:\Users\loriza\Desktop\AdwCleaner.exe
2016-12-26 18:12 - 2016-12-26 18:13 - 00001140 _____ C:\Users\loriza\Desktop\malware result2.txt
2016-12-26 18:11 - 2016-12-26 18:11 - 00052780 _____ C:\Users\loriza\Desktop\malware result1.txt
2016-12-26 12:23 - 2016-12-26 12:23 - 00054791 _____ C:\Users\loriza\Desktop\malware results.txt
2016-12-26 09:40 - 2016-12-28 11:56 - 00000000 ____D C:\Users\loriza\AppData\Local\CrashDumps
2016-12-26 09:39 - 2016-12-29 20:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-26 09:39 - 2016-12-28 22:48 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-26 09:39 - 2016-12-28 22:48 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-26 09:39 - 2016-12-28 22:48 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-26 09:39 - 2016-12-26 09:41 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-26 09:39 - 2016-12-26 09:41 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-26 09:39 - 2016-12-26 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-26 09:39 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-26 09:38 - 2016-12-26 09:38 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-26 09:37 - 2016-12-28 10:58 - 54199488 _____ (Malwarebytes ) C:\Users\loriza\Downloads\mb3-setup-consumer-3.0.5.1299 (1).exe
2016-12-26 09:28 - 2016-12-26 09:28 - 00001831 _____ C:\config.ini
2016-12-26 09:28 - 2016-12-26 09:28 - 00000000 ____D C:\Quarantine
2016-12-26 09:22 - 2016-12-26 09:22 - 34575032 _____ (Adlice Software ) C:\Users\loriza\Downloads\setup (4).exe
2016-12-26 07:53 - 2016-12-26 09:23 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-26 07:53 - 2016-12-26 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-26 07:53 - 2016-12-26 09:23 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-26 07:52 - 2016-12-26 07:53 - 34575032 _____ (Adlice Software ) C:\Users\loriza\Downloads\setup (3).exe
2016-12-25 22:47 - 2016-12-25 22:49 - 00001378 _____ C:\Users\loriza\Desktop\Rkill.txt
2016-12-25 20:29 - 2016-12-28 22:49 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-25 20:28 - 2016-12-25 23:12 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-25 20:27 - 2016-12-28 12:53 - 01663040 _____ (Malwarebytes) C:\Users\loriza\Desktop\JRT.exe
2016-12-25 20:26 - 2016-12-26 18:17 - 03977168 _____ C:\Users\loriza\Desktop\adwcleaner_6.041.exe
2016-12-25 20:25 - 2016-12-25 20:25 - 03977168 _____ C:\Users\loriza\Downloads\adwcleaner_6.041.exe
2016-12-25 20:19 - 2016-12-26 09:40 - 54199488 _____ (Malwarebytes ) C:\Users\loriza\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-25 20:18 - 2016-12-25 23:28 - 34221208 _____ (Adlice Software ) C:\Users\loriza\Downloads\setup (2).exe
2016-12-25 20:15 - 2016-12-25 20:15 - 34221208 _____ (Adlice Software ) C:\Users\loriza\Downloads\setup (1).exe
2016-12-25 19:54 - 2016-12-25 19:54 - 24714940 _____ (Adlice Software ) C:\Users\loriza\Downloads\setup.exe.1ksicwx.partial
2016-12-21 00:33 - 2016-12-21 00:33 - 00000000 __SHD C:\found.001
2016-12-13 23:16 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 23:16 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 23:16 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 23:16 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 23:16 - 2016-12-09 01:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 23:16 - 2016-12-09 01:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 23:16 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 23:16 - 2016-12-09 01:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 23:16 - 2016-12-09 01:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 23:16 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 23:16 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 23:16 - 2016-12-09 01:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 23:16 - 2016-12-09 01:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 23:16 - 2016-12-09 01:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 23:16 - 2016-11-11 00:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-13 23:16 - 2016-11-11 00:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-13 23:16 - 2016-11-10 23:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-13 23:16 - 2016-11-10 23:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-13 23:16 - 2016-11-10 23:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-13 23:16 - 2016-11-10 23:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-13 23:16 - 2016-11-10 23:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-13 23:16 - 2016-11-10 23:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-13 23:16 - 2016-11-10 23:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-13 23:16 - 2016-11-10 23:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-13 23:16 - 2016-11-10 23:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-13 23:16 - 2016-11-10 23:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-13 23:16 - 2016-11-10 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-13 23:16 - 2016-11-10 23:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-13 23:16 - 2016-11-10 23:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-13 23:16 - 2016-11-10 23:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-13 23:16 - 2016-11-10 23:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-13 23:16 - 2016-11-10 23:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-13 23:16 - 2016-11-10 23:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-13 23:16 - 2016-11-10 23:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-13 23:16 - 2016-11-10 23:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-13 23:16 - 2016-11-10 23:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-13 23:16 - 2016-11-10 23:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-13 23:16 - 2016-11-10 23:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-13 23:16 - 2016-11-10 23:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-13 23:16 - 2016-11-10 23:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-13 23:16 - 2016-11-10 23:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-13 23:16 - 2016-11-10 23:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-13 23:16 - 2016-11-10 23:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-13 23:16 - 2016-11-10 23:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-13 23:16 - 2016-11-10 23:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-13 23:16 - 2016-11-10 23:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-13 23:16 - 2016-11-10 23:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-13 23:16 - 2016-11-10 23:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-13 23:16 - 2016-11-10 23:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-13 23:16 - 2016-11-10 23:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-13 23:16 - 2016-11-10 23:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-13 23:16 - 2016-11-10 23:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-13 23:16 - 2016-11-10 23:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-13 23:16 - 2016-11-10 23:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-13 23:16 - 2016-11-10 23:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-13 23:15 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 23:15 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 23:15 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 23:15 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 23:15 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 23:15 - 2016-12-09 01:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 23:15 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 23:15 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 23:15 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 23:15 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 23:15 - 2016-12-09 01:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 23:15 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 23:15 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 23:15 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 23:15 - 2016-12-09 01:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 23:15 - 2016-12-09 01:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 23:15 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 23:15 - 2016-12-09 01:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 23:15 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 23:15 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 23:15 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 23:15 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 23:15 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 23:15 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 23:15 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 23:15 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 23:15 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 23:15 - 2016-11-11 00:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-13 23:15 - 2016-11-11 00:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-13 23:15 - 2016-11-11 00:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-13 23:15 - 2016-11-10 23:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-13 23:15 - 2016-11-10 23:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-13 23:15 - 2016-11-10 23:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-13 23:15 - 2016-11-10 23:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-13 23:15 - 2016-11-10 23:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-13 23:15 - 2016-11-10 23:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-13 23:15 - 2016-11-10 23:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-13 23:15 - 2016-11-10 23:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-13 23:15 - 2016-11-10 23:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-13 23:15 - 2016-11-10 23:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-13 23:15 - 2016-11-10 23:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-13 23:15 - 2016-11-10 23:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-13 23:15 - 2016-11-10 23:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-13 23:15 - 2016-11-10 23:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-13 23:15 - 2016-11-10 23:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-13 23:15 - 2016-11-10 23:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-13 23:15 - 2016-11-10 23:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-13 23:15 - 2016-11-10 23:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-13 23:15 - 2016-11-10 23:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-13 23:15 - 2016-11-10 23:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-13 23:15 - 2016-11-10 23:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-13 23:15 - 2016-11-10 23:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-13 23:15 - 2016-11-10 23:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-13 23:15 - 2016-11-10 23:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-13 23:15 - 2016-11-10 23:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-13 23:15 - 2016-11-10 23:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-13 23:15 - 2016-11-10 23:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-13 23:15 - 2016-11-10 23:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-13 23:15 - 2016-11-10 23:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-13 23:15 - 2016-11-10 23:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-13 23:15 - 2016-11-10 23:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-13 23:15 - 2016-11-10 23:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-13 23:10 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 23:10 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 23:10 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 23:10 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 23:10 - 2016-12-09 01:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 23:10 - 2016-12-09 01:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 23:10 - 2016-12-09 01:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 23:10 - 2016-12-09 01:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 23:10 - 2016-12-09 01:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 23:10 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 23:10 - 2016-12-09 01:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 23:10 - 2016-12-09 01:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 23:10 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 23:10 - 2016-12-09 01:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 23:10 - 2016-12-09 01:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 23:10 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 23:10 - 2016-12-09 01:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 23:10 - 2016-11-11 02:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-13 23:10 - 2016-11-11 02:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-13 23:10 - 2016-11-11 02:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-13 23:10 - 2016-11-11 02:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-13 23:10 - 2016-11-11 02:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-13 23:10 - 2016-11-11 02:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-13 23:10 - 2016-11-11 02:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-13 23:10 - 2016-11-11 02:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-13 23:10 - 2016-11-11 01:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-13 23:10 - 2016-11-11 01:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-13 23:10 - 2016-11-11 01:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-13 23:10 - 2016-11-11 01:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-13 23:10 - 2016-11-11 01:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-13 23:10 - 2016-11-11 01:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-13 23:10 - 2016-11-11 01:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-13 23:10 - 2016-11-11 01:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-13 23:10 - 2016-11-11 01:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-13 23:10 - 2016-11-11 01:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-13 23:10 - 2016-11-11 01:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-13 23:10 - 2016-11-11 01:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-13 23:10 - 2016-11-11 01:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-13 23:10 - 2016-11-11 01:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-13 23:10 - 2016-11-11 01:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-13 23:10 - 2016-11-11 01:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-13 23:10 - 2016-11-11 01:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-13 23:10 - 2016-11-11 01:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-13 23:10 - 2016-11-11 01:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-13 23:10 - 2016-11-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-13 23:10 - 2016-11-11 01:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-13 23:10 - 2016-11-11 01:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-13 23:10 - 2016-11-11 01:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-13 23:10 - 2016-11-11 01:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-13 23:10 - 2016-11-11 01:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-13 23:10 - 2016-11-11 01:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-13 23:10 - 2016-11-11 01:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-13 23:10 - 2016-11-11 01:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-13 23:10 - 2016-11-11 01:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-13 23:10 - 2016-11-11 01:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-13 23:10 - 2016-11-11 01:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-13 23:10 - 2016-11-11 01:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-13 23:10 - 2016-11-11 01:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-13 23:10 - 2016-11-11 01:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-13 23:10 - 2016-11-11 01:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-13 23:10 - 2016-11-11 01:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-13 23:10 - 2016-11-11 01:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-13 23:10 - 2016-11-11 01:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-13 23:10 - 2016-11-11 01:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-13 23:10 - 2016-11-11 01:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-13 23:10 - 2016-11-11 01:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-13 23:10 - 2016-11-11 01:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-13 23:10 - 2016-11-11 01:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-13 23:10 - 2016-11-11 01:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-13 23:10 - 2016-11-11 01:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-13 23:10 - 2016-11-11 01:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-13 23:10 - 2016-11-11 01:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-13 23:10 - 2016-11-11 01:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-13 23:10 - 2016-11-11 01:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-13 23:09 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 23:09 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 23:09 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 23:09 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 23:09 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 23:09 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 23:09 - 2016-12-09 02:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 23:09 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 23:09 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 23:09 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 23:09 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 23:09 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 23:09 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 23:09 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 23:09 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 23:09 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 23:09 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 23:09 - 2016-12-09 02:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 23:09 - 2016-12-09 02:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 23:09 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 23:09 - 2016-12-09 02:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 23:09 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 23:09 - 2016-12-09 01:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 23:09 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 23:09 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 23:09 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 23:09 - 2016-12-09 01:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 23:09 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 23:09 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 23:09 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 23:09 - 2016-12-09 01:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 23:09 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 23:09 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 23:09 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 23:09 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 23:09 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 23:09 - 2016-12-09 01:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 23:09 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 23:09 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 23:09 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 23:09 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 23:09 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 23:09 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 23:09 - 2016-11-11 02:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-13 23:09 - 2016-11-11 02:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-13 23:09 - 2016-11-11 02:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-13 23:09 - 2016-11-11 02:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-13 23:09 - 2016-11-11 02:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-13 23:09 - 2016-11-11 02:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-13 23:09 - 2016-11-11 02:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-13 23:09 - 2016-11-11 02:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-13 23:09 - 2016-11-11 02:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-13 23:09 - 2016-11-11 02:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-13 23:09 - 2016-11-11 02:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-13 23:09 - 2016-11-11 01:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-13 23:09 - 2016-11-11 01:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-13 23:09 - 2016-11-11 01:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-13 23:09 - 2016-11-11 01:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-13 23:09 - 2016-11-11 01:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-13 23:09 - 2016-11-11 01:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-13 23:09 - 2016-11-11 01:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-13 23:09 - 2016-11-11 01:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-13 23:09 - 2016-11-11 01:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-13 23:09 - 2016-11-11 01:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-13 23:09 - 2016-11-11 01:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-13 23:09 - 2016-11-11 01:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-13 23:09 - 2016-11-11 01:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-13 23:09 - 2016-11-11 01:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-13 23:09 - 2016-11-11 01:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-13 23:09 - 2016-11-11 01:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-13 23:09 - 2016-11-11 01:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-13 23:09 - 2016-11-11 01:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-13 23:09 - 2016-11-11 01:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-13 23:09 - 2016-11-11 01:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-13 23:09 - 2016-11-11 01:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-13 23:09 - 2016-11-11 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-13 23:09 - 2016-11-11 01:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-13 23:09 - 2016-11-11 01:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-13 23:09 - 2016-11-11 01:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-13 23:09 - 2016-11-11 01:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-13 23:09 - 2016-11-11 01:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-13 23:09 - 2016-11-11 01:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-13 23:09 - 2016-11-11 01:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-13 23:09 - 2016-11-11 01:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-13 23:09 - 2016-11-11 01:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-13 23:09 - 2016-11-11 01:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-13 23:09 - 2016-11-11 01:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-13 23:09 - 2016-11-11 01:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-13 23:09 - 2016-11-11 01:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-13 23:09 - 2016-11-11 01:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-13 23:09 - 2016-11-11 01:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-13 23:09 - 2016-11-11 01:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-13 23:09 - 2016-11-11 01:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-13 23:09 - 2016-11-11 01:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-13 23:09 - 2016-11-11 01:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-13 23:09 - 2016-11-11 01:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-13 23:09 - 2016-11-11 01:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-13 23:09 - 2016-11-11 01:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-13 23:09 - 2016-11-11 01:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-13 23:09 - 2016-11-11 01:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-13 23:08 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 23:08 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 23:08 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 23:08 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 23:08 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 23:08 - 2016-12-09 02:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 23:08 - 2016-12-09 01:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 23:08 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 23:08 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 23:08 - 2016-12-09 01:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 23:08 - 2016-12-09 01:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 23:08 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 23:08 - 2016-11-11 02:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-13 23:08 - 2016-11-11 02:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-13 23:08 - 2016-11-11 02:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-13 23:08 - 2016-11-11 01:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-13 23:08 - 2016-11-11 01:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-13 23:08 - 2016-11-11 01:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-13 23:08 - 2016-11-11 01:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-13 23:08 - 2016-11-11 01:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-13 23:08 - 2016-11-11 01:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-13 23:08 - 2016-11-11 01:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-13 23:08 - 2016-11-11 01:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-13 23:08 - 2016-11-11 01:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-13 23:08 - 2016-11-11 01:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-13 23:08 - 2016-11-11 01:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-13 23:08 - 2016-11-11 01:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-13 23:08 - 2016-11-11 01:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-13 23:08 - 2016-11-11 01:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-13 23:08 - 2016-11-11 01:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-13 23:08 - 2016-11-11 01:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-13 23:08 - 2016-11-11 01:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-06 00:54 - 2016-12-06 01:05 - 326305224 _____ (Microsoft Corporation) C:\Users\loriza\Downloads\Office_HS_2007_English_x32-1.exe
2016-12-06 00:53 - 2016-12-06 01:06 - 326305224 _____ (Microsoft Corporation) C:\Users\loriza\Downloads\Office_HS_2007_English_x32.exe
2016-12-05 22:54 - 2016-12-05 22:54 - 00000000 ____D C:\Users\loriza\AppData\Local\Deployment
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-29 20:56 - 2015-02-06 23:03 - 00019876 _____ C:\Users\loriza\Downloads\FRST.txt
2016-12-29 20:55 - 2015-02-05 11:28 - 02193920 _____ (Farbar) C:\Users\loriza\Downloads\FRST64.exe
2016-12-29 20:55 - 2014-10-31 22:31 - 00000000 ____D C:\FRST
2016-12-29 20:49 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-29 20:47 - 2011-03-26 15:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-12-29 20:36 - 2016-09-28 21:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-29 20:36 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-28 22:53 - 2016-09-28 21:22 - 01833678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-28 22:50 - 2015-05-12 18:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-28 22:50 - 2011-03-26 14:50 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-28 22:47 - 2016-09-28 21:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-28 22:46 - 2016-09-28 21:23 - 00000000 ____D C:\Users\loriza
2016-12-28 22:46 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-28 20:29 - 2015-07-02 12:18 - 00000000 ____D C:\ProgramData\Oracle
2016-12-28 14:40 - 2016-08-09 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-28 14:40 - 2011-07-26 23:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-28 14:06 - 2016-08-09 19:35 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-28 14:01 - 2016-11-15 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-28 12:59 - 2016-11-26 23:43 - 00000000 ____D C:\Users\loriza\AppData\LocalLow\Mozilla
2016-12-28 11:24 - 2015-01-17 09:27 - 00000000 ____D C:\AdwCleaner
2016-12-26 19:32 - 2016-10-04 14:09 - 00007098 _____ C:\WINDOWS\PFRO.log
2016-12-26 09:38 - 2015-12-02 19:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-26 01:44 - 2016-07-25 12:02 - 00000000 ____D C:\Users\loriza\AppData\Local\MicrosoftEdge
2016-12-25 23:07 - 2011-08-03 06:52 - 00000000 ____D C:\Users\loriza\AppData\Local\Google
2016-12-25 22:47 - 2015-12-02 22:25 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\loriza\Downloads\rkill(1).exe
2016-12-25 20:43 - 2016-09-28 21:23 - 00000000 ___RD C:\Users\lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-25 20:43 - 2016-09-28 21:23 - 00000000 ___RD C:\Users\Jes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-25 20:43 - 2016-09-28 21:23 - 00000000 ___RD C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-25 20:09 - 2016-04-16 07:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-23 00:25 - 2011-06-29 22:49 - 00000000 ____D C:\Users\loriza\AppData\Roaming\SoftGrid Client
2016-12-21 16:29 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-21 16:29 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-20 19:03 - 2016-09-28 21:23 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2016-12-20 18:31 - 2016-09-28 21:18 - 00014420 _____ C:\WINDOWS\setupact.log
2016-12-16 18:17 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 17:56 - 2016-09-28 21:16 - 00401112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-16 17:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-16 17:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-16 12:27 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 23:52 - 2013-08-15 18:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 23:48 - 2011-07-02 19:54 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 22:45 - 2016-07-16 03:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-13 21:25 - 2016-07-25 11:22 - 00000000 ____D C:\Users\loriza\AppData\Local\Packages
2016-12-11 15:56 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:56 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-06 00:58 - 2013-12-15 14:27 - 234299824 _____ C:\Users\loriza\Downloads\OJ4500vG510g-m_Full_13_en.exe
2016-12-04 08:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-02 10:39 - 2016-03-22 09:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2014-05-09 23:04 - 2014-05-24 09:29 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-06-13 16:15 - 2015-02-08 22:38 - 0000000 _____ () C:\Users\loriza\AppData\Roaming\CIOSupport
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\Users\loriza\AppData\Roaming\Galactic Static
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\Users\loriza\AppData\Roaming\Galaxy Swirl
2016-07-11 07:59 - 2016-07-11 07:59 - 0000867 _____ () C:\Users\loriza\AppData\Local\recently-used.xbel
2012-04-03 11:27 - 2012-04-03 11:27 - 0000017 _____ () C:\Users\loriza\AppData\Local\resmon.resmoncfg
2016-11-04 11:14 - 2016-11-04 11:14 - 0000000 _____ () C:\Users\loriza\AppData\Local\rx_image32.Cache
2016-07-29 15:12 - 2016-07-29 15:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Bass Reduction
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Bundle
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Carbon
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\ProgramData\Grand Piano
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\ProgramData\Grapher
2013-12-21 22:08 - 2013-12-21 22:08 - 0000417 _____ () C:\ProgramData\hpzinstall.log
2011-06-13 16:22 - 2015-02-03 19:38 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-06-13 16:25 - 2011-06-13 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2011-06-13 16:15 - 2015-02-08 22:38 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Files to move or delete:
====================
C:\Users\loriza\SETUP.EXE

Some files in TEMP:
====================
C:\Users\loriza\AppData\Local\Temp\dllnt_dump.dll
C:\Users\loriza\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\loriza\AppData\Local\Temp\libeay32.dll
C:\Users\loriza\AppData\Local\Temp\msvcr120.dll
C:\Users\loriza\AppData\Local\Temp\rk.exe
C:\Users\loriza\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-28 23:30
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by loriza (2016-12-29 20:57:38)
Running from C:\Users\loriza\Downloads
Windows 10 Home (X64) (2016-09-29 05:53:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3246205657-874441744-2172450925-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3246205657-874441744-2172450925-503 - Limited - Disabled)
Guest (S-1-5-21-3246205657-874441744-2172450925-501 - Limited - Disabled)
Jes (S-1-5-21-3246205657-874441744-2172450925-1006 - Limited - Enabled) => C:\Users\Jes
lori (S-1-5-21-3246205657-874441744-2172450925-1008 - Administrator - Enabled) => C:\Users\lori
loriza (S-1-5-21-3246205657-874441744-2172450925-1001 - Administrator - Enabled) => C:\Users\loriza
pat (S-1-5-21-3246205657-874441744-2172450925-1009 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced SystemCare 5 (HKLM-x32\...\Advanced SystemCare 5_is1) (Version: 5.2.0 - IObit)
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version: - AML SOFT, Inc.)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MP450 (HKLM\...\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}) (Version: - )
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EmailStripper 2.2 (HKLM-x32\...\EmailStripper_is1) (Version: - PaperCut Software Pty Ltd)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Games Manager (HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\GamesManager) (Version: 2.13.5.801 - iWin Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Glary Utilities 5.52 (HKLM-x32\...\Glary Utilities 5) (Version: 5.52.0.73 - Glarysoft Ltd)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23824 (HKLM-x32\...\{aa0a3183-d329-4308-b8eb-4ed9fbe0a010}) (Version: 14.0.23824.1 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Photo Explosion Deluxe 3.0 (HKLM-x32\...\{1034BE34-1569-4889-831D-C2C3F2CB2F73}) (Version: 3.0.1.5 - Nova Development)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.0.0 - Adlice Software)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Pool 4 Online (HKLM-x32\...\{5A6D5262-319B-4E74-A631-8EBF3D3952AC}) (Version: 4.4.9.0 - Celeris)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3246205657-874441744-2172450925-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\loriza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
==================== Restore Points =========================

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2016-04-01 01:07 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {04A88B20-C060-429C-8BA4-ACDB8E187F10} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {08FB5EF9-12B9-43D2-BC17-9AC4C8D1C4E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {0C55893D-80C3-47CB-A26A-20FA9B99F223} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {0C80B414-3A8D-408E-ACF2-7A23AB47853C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0EDAB967-6F8B-49EF-A38C-E85862526B1B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0FDB99F5-9073-47D2-B82B-BA1A30DFAAAA} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {111293AB-1027-4BBC-89CD-022DD581C38E} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
Task: {112EBA34-2ABA-493A-A4EA-B83FAEC59B89} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-29] (Glarysoft Ltd)
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {132FDE90-9578-4F72-B2FC-FB8CC9AA74E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {159DAAD7-4383-47BF-9DFA-BE5F6E7027CA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {16A1238F-97F0-4C87-9211-A17DBD222769} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {170E208A-73E5-479E-9882-A0EE89D11D89} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {19B28843-F75A-4E36-86F7-FD02AD0383D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {23705BBC-33DD-4B07-985E-7C2B9B235C8D} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {249B2FA8-4EBA-4477-9954-98C0AB804C8A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {24A8E51B-A51F-4431-984A-BF1B7CD21398} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {29FAE714-33AC-49A1-8631-55671FEA43BD} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {2B411DAF-58D7-4783-B4DE-E8AB620F5BD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {311F65D8-BF91-4A34-BD25-E60AE10896FD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {321438A0-7C98-4792-8E8C-D1B9524E7005} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {382CDF17-36C3-46DE-9881-BB92A3A4B4CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {39F93FC2-40F6-4D9F-B55D-78CA24B2C0EF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3BF0D639-2133-4278-BB24-FB203CF39299} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3D39C835-51AA-420D-9361-DC713B8B3041} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {3D60F87C-2E47-42D0-A1A1-7AF6D0F924CD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {42E85CF5-1942-4BC0-BCBB-522749B68999} - System32\Tasks\{1ED317C3-F12B-4110-9766-0DD17C7E11C1} => pcalua.exe -a C:\Users\lori\Downloads\RegpairSetup(1).exe -d C:\Users\lori\Downloads
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {447C3E03-062E-4B32-8ADD-AE8DFFBDE8AA} - \{7E790447-0C78-0B04-0A11-7F790409110C} -> No File <==== ATTENTION
Task: {4F75758B-9209-4AB1-84C6-FFFE06E659F1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {5FC3EEBD-77ED-4EE0-AC7E-E1963888B904} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-09-28] (Microsoft Corporation)
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {655A3437-0EEF-4D9E-99E6-6D9CADA0EBBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {679B8254-E870-403B-BDFB-E8F686EE7664} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {71D585F3-E200-43A1-9A6C-3205D6E0C91D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {73B35DCC-F677-482B-880F-6E7D5ED66720} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {74EA9E59-9012-40E6-BD4B-A6B10EE1ECF8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7CCCF576-ED5A-4A5D-8FCB-00A887B5A12C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {8079C95C-36D4-41F6-A1A7-8107E296500C} - System32\Tasks\{2C79EBA4-A801-43E9-BFBA-2B0FC7667EDE} => pcalua.exe -a "D:\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" -d "D:\Oberon Media\Bejeweled 2 Deluxe"
Task: {820ED441-D60C-4A40-9A8E-1E1834D86B35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {856A49E6-491F-4916-9F83-6041A52FC534} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {896F741F-F274-49E6-B7E6-46CA2E4BB28B} - System32\Tasks\{8E3C8836-0D6C-4E5D-9CCD-54FC7C7C1A1E} => C:\Users\loriza\Desktop\New folder (4)\VALUEADD\MSFT\USMT\SCANSTATE.EXE
Task: {89746ACB-1E93-4257-8F2D-B380A0FF4784} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {8CFFD43F-4DA1-4A78-BA93-A6AEDB0ACD5E} - System32\Tasks\{527855A0-6210-4E53-9F58-73EDD9BC80BD} => C:\Users\loriza\Desktop\New folder (4)\VALUEADD\MSFT\USMT\SCANSTATE.EXE
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {8DDC8D61-75D1-4366-B183-AAC7DB04E756} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {8EE5E8D5-008F-4E12-9EE4-02CB8BF79C03} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {8F6EF23F-8403-4D36-9792-898D00D5086B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {91F3C152-6A3D-4AC7-B80C-9A173187979A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9414956B-0ADE-4F2B-95E4-AA3AFA5B860B} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-29] (Glarysoft Ltd)
Task: {96E45829-8865-4B72-BF19-55A09A76013B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {980073F0-2646-4371-A174-6EFACA28795B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-14] (Microsoft Corporation)
Task: {9CACAC9C-CAD6-424C-B9AA-C747708ACFB7} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {9DB1B030-2175-4A44-8B13-708A62E7828E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A03DA689-D42B-4082-8E05-6C610FC9DB5E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A1BDA6E9-A89E-484C-B23F-F6ABFAEA91D9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\loriza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-24] (Microsoft Corporation)
Task: {ACC525D8-8217-4FCD-9102-86C5ACC5F171} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B092F5C0-E250-4B0F-8E41-3132B3CF83F2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B0A54FC9-D722-46B4-9856-8BF5996AC967} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B4148E6F-C1DA-4077-8B7A-09AD76DC9718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B5A962E6-B80A-40B5-A49A-9870103320ED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-09-28] (Microsoft Corporation)
Task: {B88613CE-F282-482E-86E4-10CC668EDA3A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BCF1C26D-F788-4102-8FBA-7A4497A3A6C6} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C4B16055-4867-44E9-A627-247FCE454594} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {CFE2711D-34D9-4771-AD56-530286465B3B} - System32\Tasks\{0AEC5B87-C828-4CBE-BB92-77294816B574} => pcalua.exe -a C:\Users\loriza\Downloads\HijackThis.exe -d C:\Users\loriza\Downloads
Task: {D14B283E-0074-4CDA-AC11-F4265E7E23C4} - System32\Tasks\{57CFF256-5EC7-409D-A10C-6A4AC90954E9} => pcalua.exe -a D:\OJ4500vG510g-m_Full_13_en.exe -d D:\
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D2BA373D-22E7-4C43-A6E0-25CCC65D10A1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D4318E1D-CEE6-4E4F-B223-2F63C38057BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {D768E53C-6579-4289-867D-C061431198B8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {D86EA716-02CB-416A-823A-3D9188CB0AAD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DA341AF4-ADCA-4854-BCD0-714CBECCBE7B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {E490FC15-B2CD-42D9-BCB6-6A79C62279E8} - System32\Tasks\{FF2F81BF-2DA7-4AA9-A303-17D9A7CF8178} => pcalua.exe -a "C:\Users\loriza\Downloads\emailstripper-installer (1).exe" -d C:\Users\loriza\Desktop
Task: {E4AED428-1AB5-4EA5-9C91-DE16E32D1D33} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {E71E2B4E-2DFB-4E44-A294-442580B6250E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {EBDC112C-F2D6-4772-BFFF-55BCD4A06490} - System32\Tasks\{6DDFDDB8-DA66-4243-A057-0705885E7C8F} => pcalua.exe -a D:\setup.EXE -d D:\ -c /AUTORUN
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F06DC05C-A7D2-40E8-AFEC-06DCB90E49ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F4E63E6F-4789-4284-BB2F-A78446CFD210} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-21] (Adobe Systems Incorporated)
Task: {F63C1DC5-1AF2-4FD3-860E-42D6B8E26833} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F8E044D9-014C-4DC8-A86C-270429F9B173} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {FC179A76-641A-437A-9109-15E964852C8F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 23:09 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-26 09:39 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-26 09:39 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-26 09:39 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-13 23:09 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-28 21:57 - 2016-09-28 21:57 - 01864384 _____ () C:\Users\loriza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2014-01-20 13:02 - 2011-11-10 22:43 - 00155480 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll
2016-09-28 22:08 - 2016-09-28 22:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 23:10 - 2016-12-09 01:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 06:28 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 06:28 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 06:28 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 06:28 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 06:28 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 06:28 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-26 07:53 - 2016-12-26 10:18 - 25770568 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-11-09 06:28 - 2016-11-02 02:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2014-01-20 13:02 - 2011-04-21 16:54 - 00347024 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\madExcept_.bpl
2014-01-20 13:02 - 2011-04-21 16:54 - 00179088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\madBasic_.bpl
2014-01-20 13:02 - 2011-04-21 16:54 - 00046480 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 5\madDisAsm_.bpl
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\Dell Support Center:Win32App_1
AlternateDataStreams: C:\Program Files\GIMP 2:Win32App_1
AlternateDataStreams: C:\Program Files\IDT:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft IntelliPoint:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Dell DataSafe Local Backup:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Application Virtualization Client:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Roxio:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\System Registration:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\Ulead Systems:Win32App_1
AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\1-se.com -> 1-se.com
There are 11404 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\loriza\Pictures\SPECIAL PICS I LIKE\IM0064~1.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Online Shield Starter Service => 2
MSCONFIG\Services: QHActiveDefense => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: ACUW09EN => "C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QHSafeTray => "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3246205657-874441744-2172450925-1001\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{66EC3103-9429-4713-80E8-57748AE42B42}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{18BF9725-677D-48F4-8318-B7478F8F5EE6}] => (Allow) LPort=5357
FirewallRules: [{69F87508-09ED-4BA3-A990-D695C3F1B0BF}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{CBAABBF4-1FD3-4574-9667-65AC155236BD}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [TCP Query User{5A6C7DBE-4D54-47E5-9560-8668CAA7E317}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{103A9C22-2326-4762-BA40-E6A199CE8E7B}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [TCP Query User{135DE5C7-170F-482F-B9DE-1116242A4283}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{80B3C88D-8C0B-4C59-BD76-8005BE8CB1C0}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [TCP Query User{0A9BF242-1BCB-4468-8392-B17EA18680C5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2FE3A8C7-D535-48D9-B5F6-48DCAF5271EE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2A3F1586-4BB9-4E49-8021-47BA2D9A8A70}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{195270D5-8AF6-484F-891B-72949FF27925}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{1D0B0B77-3166-4FBB-A81C-83771AFAC131}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{F2CD57A5-726C-4F51-B7D6-366E5A356C37}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [{AAD5529F-E109-45BC-8890-4E0E87E03F60}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [TCP Query User{E5DA4ED1-A543-4B75-B7BC-46EB22DD586F}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Allow) C:\program files (x86)\360\total security\safemon\qhsafetray.exe
FirewallRules: [UDP Query User{9C1EB4A6-2638-4892-949D-6D8566E6C0A5}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Allow) C:\program files (x86)\360\total security\safemon\qhsafetray.exe
FirewallRules: [{8F0E7764-4C99-4C6A-B36D-7C1910C01A12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{515E7DC7-0975-4217-8D29-548BB1A0A5BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/29/2016 08:54:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LORIZA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/29/2016 08:52:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LORIZA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/29/2016 08:48:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.

Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/29/2016 08:48:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (12/28/2016 11:23:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (12/28/2016 11:23:20 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{b605aa90-57fa-11e0-ab1b-806e6f6e6963} - 000000000000022C,0x0053c014,000001A17E70C300,0,000001A17E70D330,4096,[0]). hr = 0x80070057, The parameter is incorrect.
.

Operation:
Processing PostCommitSnapshots
Context:
Execution Context: System Provider
Error: (12/28/2016 11:23:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
Error: (12/28/2016 10:56:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (12/28/2016 10:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (12/28/2016 10:47:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

System errors:
=============
Error: (12/29/2016 08:54:53 PM) (Source: DCOM) (EventID: 10010) (User: LORIZA-PC)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (12/29/2016 08:54:21 PM) (Source: DCOM) (EventID: 10010) (User: LORIZA-PC)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (12/29/2016 08:54:21 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (12/29/2016 08:47:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/28/2016 11:23:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2010 (KB2881030) 32-Bit Edition.
Error: (12/28/2016 11:21:49 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (12/28/2016 10:59:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
Error: (12/28/2016 10:56:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.
Error: (12/28/2016 10:48:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (12/28/2016 10:47:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

CodeIntegrity:
===================================
Date: 2016-12-28 23:31:05.360
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-28 13:43:57.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-28 10:53:48.388
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2016-12-28 10:53:48.388
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2016-12-28 10:53:48.388
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2016-12-26 09:39:48.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2016-12-26 09:39:48.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2016-12-26 09:39:48.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2016-12-25 23:39:41.469
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-25 20:45:58.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 57%
Total physical RAM: 5942.68 MB
Available physical RAM: 2553.13 MB
Total Virtual: 12086.68 MB
Available Virtual: 8865.88 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:461.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 59E62B41)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
I strongly recommend you uninstall Advanced SystemCare.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

No fixlist.txt found.

The fixlist.txt should be in the same folder/directory the tool is located.
When I do a search for either fixlist.txt or fixlog.txt, it finds nothing on computer. I did move the FRST64 program to my desktop.
 
Download "fixlist" one more time and make sure you see it on your Desktop where FRST is.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by loriza (31-12-2016 16:36:31) Run:1
Running from C:\Users\loriza\Desktop
Loaded Profiles: loriza (Available Profiles: loriza & Jes & lori & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
U3 idsvc; no ImagePath
S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]
2014-05-09 23:04 - 2014-05-24 09:29 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-06-13 16:15 - 2015-02-08 22:38 - 0000000 _____ () C:\Users\loriza\AppData\Roaming\CIOSupport
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\Users\loriza\AppData\Roaming\Galactic Static
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\Users\loriza\AppData\Roaming\Galaxy Swirl
2016-07-11 07:59 - 2016-07-11 07:59 - 0000867 _____ () C:\Users\loriza\AppData\Local\recently-used.xbel
2012-04-03 11:27 - 2012-04-03 11:27 - 0000017 _____ () C:\Users\loriza\AppData\Local\resmon.resmoncfg
2016-11-04 11:14 - 2016-11-04 11:14 - 0000000 _____ () C:\Users\loriza\AppData\Local\rx_image32.Cache
2016-07-29 15:12 - 2016-07-29 15:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Bass Reduction
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Bundle
2015-02-08 22:38 - 2015-02-08 22:38 - 0000000 _____ () C:\ProgramData\Carbon
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\ProgramData\Grand Piano
2011-06-13 16:25 - 2011-06-13 16:25 - 0000268 ___RH () C:\ProgramData\Grapher
2013-12-21 22:08 - 2013-12-21 22:08 - 0000417 _____ () C:\ProgramData\hpzinstall.log
2011-06-13 16:22 - 2015-02-03 19:38 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-06-13 16:25 - 2011-06-13 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2011-06-13 16:15 - 2015-02-08 22:38 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
C:\Users\loriza\SETUP.EXE
C:\Users\loriza\AppData\Local\Temp\dllnt_dump.dll
C:\Users\loriza\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\loriza\AppData\Local\Temp\libeay32.dll
C:\Users\loriza\AppData\Local\Temp\msvcr120.dll
C:\Users\loriza\AppData\Local\Temp\rk.exe
C:\Users\loriza\AppData\Local\Temp\sqlite3.dll
Task: {04A88B20-C060-429C-8BA4-ACDB8E187F10} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {08FB5EF9-12B9-43D2-BC17-9AC4C8D1C4E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {19B28843-F75A-4E36-86F7-FD02AD0383D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {29FAE714-33AC-49A1-8631-55671FEA43BD} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {2B411DAF-58D7-4783-B4DE-E8AB620F5BD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39F93FC2-40F6-4D9F-B55D-78CA24B2C0EF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3BF0D639-2133-4278-BB24-FB203CF39299} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {447C3E03-062E-4B32-8ADD-AE8DFFBDE8AA} - \{7E790447-0C78-0B04-0A11-7F790409110C} -> No File <==== ATTENTION
Task: {655A3437-0EEF-4D9E-99E6-6D9CADA0EBBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {71D585F3-E200-43A1-9A6C-3205D6E0C91D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {73B35DCC-F677-482B-880F-6E7D5ED66720} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {89746ACB-1E93-4257-8F2D-B380A0FF4784} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {8DDC8D61-75D1-4366-B183-AAC7DB04E756} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {8F6EF23F-8403-4D36-9792-898D00D5086B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {91F3C152-6A3D-4AC7-B80C-9A173187979A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {96E45829-8865-4B72-BF19-55A09A76013B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {980073F0-2646-4371-A174-6EFACA28795B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9CACAC9C-CAD6-424C-B9AA-C747708ACFB7} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {9DB1B030-2175-4A44-8B13-708A62E7828E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B4148E6F-C1DA-4077-8B7A-09AD76DC9718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D2BA373D-22E7-4C43-A6E0-25CCC65D10A1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DA341AF4-ADCA-4854-BCD0-714CBECCBE7B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E71E2B4E-2DFB-4E44-A294-442580B6250E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {F06DC05C-A7D2-40E8-AFEC-06DCB90E49ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\Dell Support Center:Win32App_1
AlternateDataStreams: C:\Program Files\GIMP 2:Win32App_1
AlternateDataStreams: C:\Program Files\IDT:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft IntelliPoint:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Dell DataSafe Local Backup:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Application Virtualization Client:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Roxio:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\System Registration:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\Ulead Systems:Win32App_1
AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
*****************
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
idsvc => service removed successfully
PcdrNdisuio => service removed successfully
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
C:\Users\loriza\AppData\Roaming\CIOSupport => moved successfully
C:\Users\loriza\AppData\Roaming\Galactic Static => moved successfully
C:\Users\loriza\AppData\Roaming\Galaxy Swirl => moved successfully
C:\Users\loriza\AppData\Local\recently-used.xbel => moved successfully
C:\Users\loriza\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\loriza\AppData\Local\rx_image32.Cache => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\Bass Reduction => moved successfully
C:\ProgramData\Bundle => moved successfully
C:\ProgramData\Carbon => moved successfully
C:\ProgramData\Grand Piano => moved successfully
C:\ProgramData\Grapher => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\PKP_DLbx.DAT => moved successfully
C:\ProgramData\PKP_DLck.DAT => moved successfully
C:\ProgramData\PKP_DLdu.DAT => moved successfully
C:\Users\loriza\SETUP.EXE => moved successfully
C:\Users\loriza\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\loriza\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\loriza\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\loriza\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\loriza\AppData\Local\Temp\rk.exe => moved successfully
C:\Users\loriza\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04A88B20-C060-429C-8BA4-ACDB8E187F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04A88B20-C060-429C-8BA4-ACDB8E187F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08FB5EF9-12B9-43D2-BC17-9AC4C8D1C4E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08FB5EF9-12B9-43D2-BC17-9AC4C8D1C4E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19B28843-F75A-4E36-86F7-FD02AD0383D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19B28843-F75A-4E36-86F7-FD02AD0383D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29FAE714-33AC-49A1-8631-55671FEA43BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29FAE714-33AC-49A1-8631-55671FEA43BD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B411DAF-58D7-4783-B4DE-E8AB620F5BD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B411DAF-58D7-4783-B4DE-E8AB620F5BD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39F93FC2-40F6-4D9F-B55D-78CA24B2C0EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39F93FC2-40F6-4D9F-B55D-78CA24B2C0EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BF0D639-2133-4278-BB24-FB203CF39299}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BF0D639-2133-4278-BB24-FB203CF39299}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447C3E03-062E-4B32-8ADD-AE8DFFBDE8AA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E790447-0C78-0B04-0A11-7F790409110C} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{655A3437-0EEF-4D9E-99E6-6D9CADA0EBBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{655A3437-0EEF-4D9E-99E6-6D9CADA0EBBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71D585F3-E200-43A1-9A6C-3205D6E0C91D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71D585F3-E200-43A1-9A6C-3205D6E0C91D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73B35DCC-F677-482B-880F-6E7D5ED66720}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B35DCC-F677-482B-880F-6E7D5ED66720}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89746ACB-1E93-4257-8F2D-B380A0FF4784}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89746ACB-1E93-4257-8F2D-B380A0FF4784}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DDC8D61-75D1-4366-B183-AAC7DB04E756}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DDC8D61-75D1-4366-B183-AAC7DB04E756}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F6EF23F-8403-4D36-9792-898D00D5086B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F6EF23F-8403-4D36-9792-898D00D5086B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91F3C152-6A3D-4AC7-B80C-9A173187979A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91F3C152-6A3D-4AC7-B80C-9A173187979A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96E45829-8865-4B72-BF19-55A09A76013B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E45829-8865-4B72-BF19-55A09A76013B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{980073F0-2646-4371-A174-6EFACA28795B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{980073F0-2646-4371-A174-6EFACA28795B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CACAC9C-CAD6-424C-B9AA-C747708ACFB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CACAC9C-CAD6-424C-B9AA-C747708ACFB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DB1B030-2175-4A44-8B13-708A62E7828E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DB1B030-2175-4A44-8B13-708A62E7828E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4148E6F-C1DA-4077-8B7A-09AD76DC9718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4148E6F-C1DA-4077-8B7A-09AD76DC9718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2BA373D-22E7-4C43-A6E0-25CCC65D10A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2BA373D-22E7-4C43-A6E0-25CCC65D10A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA341AF4-ADCA-4854-BCD0-714CBECCBE7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA341AF4-ADCA-4854-BCD0-714CBECCBE7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E71E2B4E-2DFB-4E44-A294-442580B6250E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E71E2B4E-2DFB-4E44-A294-442580B6250E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F06DC05C-A7D2-40E8-AFEC-06DCB90E49ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F06DC05C-A7D2-40E8-AFEC-06DCB90E49ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
C:\Program Files\Dell Support Center => "AlternateDataStreams: C:\Program Files\Dell Support Center:Win32App_1" ADS could not remove.
C:\Program Files\GIMP 2 => "AlternateDataStreams: C:\Program Files\GIMP 2:Win32App_1" ADS could not remove.
C:\Program Files\IDT => "AlternateDataStreams: C:\Program Files\IDT:Win32App_1" ADS could not remove.
C:\Program Files\Microsoft IntelliPoint => "AlternateDataStreams: C:\Program Files\Microsoft IntelliPoint:Win32App_1" ADS could not remove.
C:\Program Files\RogueKiller => "AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Adobe => "AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Dell DataSafe Local Backup => "AlternateDataStreams: C:\Program Files (x86)\Dell DataSafe Local Backup:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Microsoft Application Virtualization Client => "AlternateDataStreams: C:\Program Files (x86)\Microsoft Application Virtualization Client:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Microsoft Office => "AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Microsoft SQL Server Compact Edition => "AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Mozilla Firefox => "AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1" ADS could not remove.
C:\Program Files (x86)\MSXML 4.0 => "AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Roxio => "AlternateDataStreams: C:\Program Files (x86)\Roxio:Win32App_1" ADS could not remove.
C:\Program Files (x86)\System Registration => "AlternateDataStreams: C:\Program Files (x86)\System Registration:Win32App_1" ADS could not remove.
C:\Program Files (x86)\Windows Live => "AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App_1" ADS could not remove.
C:\WINDOWS\SysWOW64 => "AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1" ADS could not remove.
C:\Program Files\Common Files\microsoft shared => "AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1" ADS could not remove.
C:\ProgramData\HP => "AlternateDataStreams: C:\ProgramData\HP:Win32App_1" ADS could not remove.
C:\ProgramData\Ulead Systems => "AlternateDataStreams: C:\ProgramData\Ulead Systems:Win32App_1" ADS could not remove.
C:\Users\loriza\Documents\contingency removal.jpeg => "AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\loriza\Documents\contingency removal.jpeg => "AlternateDataStreams: C:\Users\loriza\Documents\contingency removal.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
==== End of Fixlog 16:36:36 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Thank you, Broni. Happy New Year to you and yours.

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 8 Update 111
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.186
Adobe Reader XI
Mozilla Firefox (50.1.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016
Ran by loriza (administrator) on 01-01-2017 at 00:02:51
Running from "C:\Users\loriza\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
User: DefaultAppPool
User: DefaultAppPool.IIS APPPOOL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: lori
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: loriza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 83643 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 137099069 bytes
->Google Chrome cache emptied: 6372078 bytes
->Flash cache emptied: 4772 bytes
User: loriza wixx
User: Public
User: TEMP.IIS APPPOOL
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50066242 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 1848 bytes
Process complete!
Total Files Cleaned = 185.00 mb
******************************

I included the TFC log. I did have to restart it because it froze up. Also, I noticed just when I got your message that 4 files were added to my desktop. Actually 5. Files are: ~$w to apply, ~$cument, ~$ntainer chassis, and 2 desktop.ini files. I did not open them, though I did check out the properties of the desktop.ini files. For the first desktop.ini file, the Object name is C:\Users\Loriza\Desktop\desktop.ini. On the Security tab, there are 2 account unknowns (S-1-5-21-3246205657-874441744-2172450925-1003 and one with the same number but ending in 1004). The account unknown 1003 acct., and the other user names listed, SYSTEM, Loriza Wixx, lori, and the Administrators, have permissions full control, modify, read and write. The account unknown acct. 1004 has read and execute and read permissions. There is also a group or user name, WMPNetwork Svc, that has permissions of Read only. All of the permissions for this file have checkmarks that are grey. When I look at the Details tab: folder path C:\Users\Public\Public Desktop, Attributes: HS, availability: available offline, Shared with: ALL APPLICATION PACKAGES, Owner: Administrators, Computer: LORIZA-PC (this PC).
The other desktop.ini file has an Object name of C:\Users\Public\Desktop\desktop.ini. It has user names: ALL APPLICATION PACKAGES, which has permissions Read and execute and Read (checked in black, not grey); SYSTEM and Administrators (Loriza-PC\Administrators), which both have permissions Full control, Modify, Read and execute, Read and Write (checked grey). Users Loriza Wixx (elkiesander@hotmail.com) and lori (loriza-PC\lori) have Special Permissions only (checked grey). A user, Users (loriza-PC\Users), has the permissions Read and execute and Read (checked in black), and user INTERACTIVE has permissions Read and execute and Read, checked in grey. On the Details tab: folder path C:\Users\loriza\Desktop, Attributes: HSA, availability: available offline, Shared with: lori, Owner: LORIZA-PC\loriza, Computer: LORIZA-PC (this PC).
 

**** End of log ****

Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
User: DefaultAppPool
User: DefaultAppPool.IIS APPPOOL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: lori
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: loriza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 83643 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 137099069 bytes
->Google Chrome cache emptied: 6372078 bytes
->Flash cache emptied: 4772 bytes
User: loriza wixx
User: Public
User: TEMP.IIS APPPOOL
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50066242 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 1848 bytes
Process complete!
Total Files Cleaned = 185.00 mb
******************************

Sophos is coming.
 
Open File Explorer, go View>Options>Change Folder and Search options>View tab and checkmark "Hide protected operating system files"
 