
Is Cryptowall 3.0 done with me yet?



#1 Shock2DC


Posted 09 March 2016 - 11:20 AM

On Sunday evening I went to look for a particular photo a friend had asked for.  I don't recall the name, but it was part of a day's photos from a specific event so it would be easy to determine if a particular one was missing.  Of course, it had to be the one she was asking for, say 0640.jpg.  I could find 0639 and 0641 but not 0640.  I have multiple (okay four) drives attached to my computer (yes, I know one SHOULD have been offline - but - moving on), and it seemed odd.  I did a search for 0640 across ALL of my attached drives and found it on a thumb drive that I had been using to make a backup boot drive for recovery purposes (another mistake - but I am learning).  Anyway, when I went to open 0640, it would not open.  In fact, I saw the screenshots that you have posted saying your files have been encrypted... blah, blah, blah, go to tor-something, etc.  Holy cow, I thought I was going to have a heart attack - pics, videos and DECADES of work are on those drives.  I booted off, and quickly unplugged all my drives, in case this was a process that was active.  Over the next couple of days I downloaded and ran malwarebytes, malwarebytes anti-ransom (beta), total commander, hitman pro, uninstalled/disabled a couple security programs (webroot, being one) which clearly were not doing all they should be, and replaced them with ccleaner and avast which should now work much better with my recently upgraded memory.

 

After searching my computer for the help_decrypt files, and not finding them on my hard drive, and malwarebytes finding a single cryptowall reference in one of my users profiles, and removing it; I am wondering if I am done, safe?  I also deleted that single user's profile and all their files from my hard drive.  They did not have administrative rights.  Using Total Commander, I have scanned each hard drive individually for encrypted files, and the only one that seems to have them is the thumb drive - which I am terrified to open.  In my absolute panic and horror, thinking my computer was going to implode if I didn't get this done within 72 hours, I didn't read the instructions about how to ask for help until after I had run malwarebytes, so I am hoping I haven't caused anything to go underground(?) because I know you say not to make any changes until you have looked over my log which is below.

 

I know I made mistakes, but I am going to learn from this lesson.  I have previously tried to backup to DVDs, only to find a couple years later they had lost their data, so I believed that multiple drives was the answer.  The one I had for offline use had been put in a fireproof safe and wouldn't fire up when needed.  My mistake was not keeping two.  :-(

 

At any rate, right now the question is if my computer is sufficiently cleaned and can I safely reattach a drive or two for backup?  Can you still help me, am I safe, and are the photos and documents on the drives that do not show any encryption safe?

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Onion (administrator) on Onion (09-03-2016 08:18:06)
Running from C:\Users\Onion\Desktop
Loaded Profiles: Onion &  (Available Profiles: Onion & Gust & JMan & BigD & Gusty & Down & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-03-09] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Run: [GoogleChromeAutoLaunch_5CCE98D184A9CD2E9E1B9882307A0074] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_5CCE98D184A9CD2E9E1B9882307A0074] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1508894382-1957078712-2432733024-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {48fa7541-be1f-11e3-b1ab-806e6f6e6963} - D:\MInst.exe
HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d2518b10-6250-11e5-ab1d-7427ead949a0} - K:\LaunchU3.exe -a
HKU\S-1-5-21-1508894382-1957078712-2432733024-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {48fa7541-be1f-11e3-b1ab-806e6f6e6963} - D:\MInst.exe
HKU\S-1-5-21-1508894382-1957078712-2432733024-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d2518b10-6250-11e5-ab1d-7427ead949a0} - K:\LaunchU3.exe -a
HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {48fa7541-be1f-11e3-b1ab-806e6f6e6963} - D:\MInst.exe
HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SendAnywhere] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe [5091512 2016-02-18] ()
HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d2518b10-6250-11e5-ab1d-7427ead949a0} - K:\LaunchU3.exe -a
HKU\S-1-5-21-1508894382-1957078712-2432733024-1017-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-1017-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-1019-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-1508894382-1957078712-2432733024-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1508894382-1957078712-2432733024-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1508894382-1957078712-2432733024-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {48fa7541-be1f-11e3-b1ab-806e6f6e6963} - D:\install.exe /A
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
IFEO\Memeo.Helper.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoDashboard.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoLauncher.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoUpdater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SeagateDashboardService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onion\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-03-08]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1017\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1016\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1015\User: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1014\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6CC10B5C-1289-49CD-989D-D8A7E36CB13A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DF3D9C22-B0F8-49B9-BAA3-94126DFB7F79}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F26D6E2B-53F4-456D-AEEC-B290BEF169FD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000 -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = 
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {26A6BAA9-2E0B-457C-A960-9EF17C4F00E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
 
FireFox:
========
FF ProfilePath: C:\Users\Onion\AppData\Roaming\Mozilla\Firefox\Profiles\mmkwnrc6.default-1456941019132
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-09] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Sara\AppData\Local\Roblox\Versions\version-8559dcf342a3424a\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1508894382-1957078712-2432733024-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Sara\AppData\Local\Roblox\Versions\version-8559dcf342a3424a\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\JMan\AppData\Local\Roblox\Versions\version-e1544481252d4990\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\JMan\AppData\Local\Roblox\Versions\version-e1544481252d4990\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\JMan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-1508894382-1957078712-2432733024-1016-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M1DA442E4-8B03-4868-8AF3-0F84E3D6FCFB&SearchSource=55&CUI=&UM=5&UP=SP9A8A6418-E099-41EC-B663-2D8FE173582D&SSPV=
CHR StartupUrls: Default -> "hxxp://gmail.com/","hxxp://www.facebook.com/","hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=MEB5CEFA7-EC07-430F-BF1A-5A792952324F&SearchSource=55&CUI=&UM=8&UP=SP46C28545-6113-4B66-9930-70595583335D&SSPV=","hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Profile: C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-05]
CHR Extension: (Mahjong Words 2) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-03-17]
CHR Extension: (Google Docs) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Math Mahjong) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbcfbhpnngegochhbdlanodnmijfplal [2015-03-17]
CHR Extension: (SaaSt Personal Finance) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgcpbhfnpmkmgafdbdchmibfkebamfdj [2014-04-06]
CHR Extension: (Google Search) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Word Search) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2015-03-17]
CHR Extension: (Gmail Offline) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-04-06]
CHR Extension: (Google Calendar) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-19]
CHR Extension: (Box) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (KIDO'Z Games) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghlcchaakmfckfnadbjemimebhpfgmdc [2014-04-06]
CHR Extension: (Pin It Button) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-27]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-04-13] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (Crackle) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-14]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-07-31]
CHR Extension: (Cargo Bridge) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-04-06]
CHR Extension: (Image to PDF Converter - Smallpdf.com) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflcghnbgimnchdeclacccpgembnigmb [2016-02-20]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-01-19]
CHR Extension: (The Great Suspender) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-10-21]
CHR Extension: (Merge PDF - Smallpdf.com) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhibnjbbdkflfklbdpgbifkhcielgcm [2016-02-20]
CHR Extension: (PDF Merge - PDF Files Merger) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndolbcaghkmhjhgggldkgjibdilpbdbm [2016-02-20]
CHR Extension: (Mahjong Solitaire) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-04-25]
CHR Extension: (Merge PDF - Split PDF - Sejda.com) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcknfplofcnpdjalbhnjognbpncojbi [2016-02-20]
CHR Extension: (Goodbudget) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhffmghajhedigppmcgiefaddneijge [2014-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Webroot Password Manager) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-04-10]
CHR Extension: (Cash Organizer) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkjkiblnfijflcgekcbefmekkljcopp [2014-08-13]
CHR Extension: (Tab Hibernation) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2014-10-21]
CHR Extension: (Psykopaint) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-09]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-09] (AVAST Software)
S4 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-07] (SurfRight B.V.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2016-03-02] (Intel Corporation)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [950048 2016-02-01] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3125728 2016-02-11] (Malwarebytes)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-09] (AVAST Software)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-04-26] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
R3 farflt; C:\Windows\system32\drivers\farflt.sys [56704 2016-03-09] (Malwarebytes)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [22208 2015-12-22] (IObit)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31144 2016-03-02] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-03-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2016-03-02] (Intel Corporation)
S0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-03-09] (AVAST Software)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-07-28] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [404184 2016-03-01] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-08-12] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-16] ()
S1 HWiNFO32; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
R0 WRkrn; System32\drivers\WRkrn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 08:15 - 2016-03-09 08:15 - 00001150 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2016-03-09 08:15 - 2016-03-09 08:15 - 00001150 _____ C:\ProgramData\Desktop\DriveImage XML.lnk
2016-03-09 08:15 - 2016-03-09 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2016-03-09 08:15 - 2016-03-09 08:15 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-03-09 08:14 - 2016-03-09 08:14 - 02026456 _____ C:\Users\Onion\Desktop\dixmlsetup.exe
2016-03-09 07:16 - 2016-03-09 07:17 - 00069088 _____ C:\Users\Onion\Desktop\Addition.txt
2016-03-09 07:15 - 2016-03-09 08:18 - 00060710 _____ C:\Users\Onion\Desktop\FRST.txt
2016-03-09 07:15 - 2016-03-09 08:18 - 00000000 ____D C:\FRST
2016-03-09 07:14 - 2016-03-09 07:14 - 02374144 _____ (Farbar) C:\Users\Onion\Desktop\FRST64.exe
2016-03-09 06:17 - 2016-03-09 06:17 - 00001752 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-09 06:17 - 2016-03-09 06:17 - 00001752 _____ C:\ProgramData\Desktop\iTunes.lnk
2016-03-09 06:17 - 2016-03-09 06:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-09 06:16 - 2016-03-09 06:17 - 00000000 ____D C:\Program Files\iTunes
2016-03-09 06:16 - 2016-03-09 06:16 - 00000000 ____D C:\Program Files\iPod
2016-03-09 06:16 - 2016-03-09 06:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-09 06:11 - 2016-03-09 06:11 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-09 06:11 - 2016-03-09 06:11 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-09 06:09 - 2016-03-09 06:09 - 00000000 ____D C:\Program Files\Bonjour
2016-03-09 06:09 - 2016-03-09 06:09 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-09 06:03 - 2016-03-09 06:13 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-09 06:03 - 2016-03-09 06:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-09 06:03 - 2016-03-09 06:03 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-09 06:03 - 2016-03-09 06:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-09 06:02 - 2016-03-09 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-09 05:43 - 2016-03-09 05:43 - 00154024 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-03-09 05:43 - 2016-03-09 05:41 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\asw38E4.tmp
2016-03-09 05:43 - 2016-03-09 05:41 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3CEB.tmp
2016-03-09 05:43 - 2016-03-09 05:39 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1826.tmp
2016-03-09 05:43 - 2016-03-09 05:39 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-09 05:43 - 2016-03-09 05:39 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3F8A.tmp
2016-03-09 05:43 - 2016-03-09 05:39 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw300C.tmp
2016-03-09 05:43 - 2016-03-09 05:39 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw265A.tmp
2016-03-09 05:43 - 2016-03-09 05:39 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw353B.tmp
2016-03-09 05:43 - 2016-03-09 05:39 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw281F.tmp
2016-03-09 05:41 - 2016-03-09 05:41 - 00001921 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-09 05:41 - 2016-03-09 05:41 - 00001921 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2016-03-09 05:41 - 2016-03-09 05:41 - 00000000 ____D C:\Users\Onion\AppData\Roaming\AVAST Software
2016-03-09 05:41 - 2016-03-09 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-09 05:40 - 2016-03-09 05:44 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-09 05:40 - 2016-03-09 05:41 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-09 05:40 - 2016-03-09 05:41 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.1457523663668
2016-03-09 05:40 - 2016-03-09 05:41 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-09 05:40 - 2016-03-09 05:40 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-09 05:40 - 2016-03-09 05:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-09 05:40 - 2016-03-09 05:39 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-03-09 05:40 - 2016-03-09 05:39 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1457523669878
2016-03-09 05:40 - 2016-03-09 05:39 - 00286440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.1457523661156
2016-03-09 05:40 - 2016-03-09 05:39 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-09 05:40 - 2016-03-09 05:39 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-03-09 05:40 - 2016-03-09 05:39 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-09 05:40 - 2016-03-09 05:39 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-09 05:40 - 2016-03-09 05:39 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-09 05:39 - 2016-03-09 05:39 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-09 05:37 - 2016-03-09 05:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-09 05:37 - 2016-03-09 05:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-09 05:35 - 2016-03-09 05:35 - 00199240 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2016-03-09 05:34 - 2016-03-09 05:34 - 00000000 ____D C:\IObit
2016-03-09 04:46 - 2016-03-09 04:46 - 00001668 _____ C:\cc_20160309_044641.reg
2016-03-09 04:32 - 2016-03-09 04:32 - 00000000 ____H C:\asc_rdflag
2016-03-09 03:06 - 2016-03-09 03:06 - 05066104 _____ (AVAST Software) C:\Users\Onion\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2016-03-08 17:55 - 2016-03-08 17:55 - 00525824 _____ C:\Users\Onion\Documents\Google Maps.pdf
2016-03-08 17:38 - 2016-03-08 17:38 - 01780781 _____ C:\Users\Down\Desktop\St. Patrick's Day Parade Run Details - St.pdf
2016-03-08 16:38 - 2016-03-08 16:38 - 00004976 _____ C:\Users\Down\Downloads\Restore_Run-as-administrator.reg
2016-03-08 15:32 - 2016-03-09 05:35 - 00056704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-03-08 15:31 - 2016-03-08 15:33 - 00001900 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-03-08 15:31 - 2016-03-08 15:33 - 00001900 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-03-08 15:31 - 2016-03-08 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-03-08 15:31 - 2016-03-08 15:31 - 37537616 _____ (Malwarebytes ) C:\Users\Onion\Downloads\MBARW_Setup.exe
2016-03-08 15:31 - 2016-03-08 15:31 - 00000000 ____D C:\Program Files\Malwarebytes
2016-03-08 15:08 - 2016-03-08 15:08 - 00017725 _____ C:\Users\Onion\Documents\3-6-16.txt
2016-03-07 13:25 - 2016-03-07 13:25 - 00000000 ____D C:\Windows\CheckSur
2016-03-07 13:19 - 2016-03-07 13:24 - 564744309 _____ C:\Users\Onion\Desktop\Windows6.1-KB947821-v34-x64.msu
2016-03-07 11:28 - 2016-03-07 11:28 - 00011404 _____ C:\cc_20160307_112801.reg
2016-03-07 11:01 - 2016-03-07 11:01 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-07 09:24 - 2016-03-07 09:24 - 00000671 _____ C:\Users\Public\Desktop\Total Commander.lnk
2016-03-07 09:24 - 2016-03-07 09:24 - 00000671 _____ C:\ProgramData\Desktop\Total Commander.lnk
2016-03-07 09:24 - 2016-03-07 09:24 - 00000000 ____D C:\Users\Down\AppData\Roaming\GHISLER
2016-03-07 09:24 - 2016-03-07 09:24 - 00000000 ____D C:\totalcmd
2016-03-07 09:24 - 2016-03-07 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-03-07 09:24 - 2014-04-30 08:51 - 00000545 _____ C:\Windows\UC.PIF
2016-03-07 09:24 - 2014-04-30 08:51 - 00000545 _____ C:\Windows\RAR.PIF
2016-03-07 09:24 - 2014-04-30 08:51 - 00000545 _____ C:\Windows\PKZIP.PIF
2016-03-07 09:24 - 2014-04-30 08:51 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2016-03-07 09:24 - 2014-04-30 08:51 - 00000545 _____ C:\Windows\LHA.PIF
2016-03-07 09:24 - 2014-04-30 08:51 - 00000545 _____ C:\Windows\ARJ.PIF
2016-03-07 09:23 - 2016-03-07 09:23 - 03788928 _____ (Ghisler Software GmbH) C:\Users\Down\Downloads\tcmd851ax32.exe
2016-03-07 09:15 - 2016-03-07 09:15 - 00000000 ____D C:\Users\Down\Documents\My PageManager
2016-03-07 09:15 - 2016-03-07 09:15 - 00000000 ____D C:\Users\Down\AppData\Roaming\Adobe
2016-03-07 09:15 - 2016-03-07 09:15 - 00000000 ____D C:\Users\Down\AppData\Roaming\.oit
2016-03-07 09:15 - 2016-03-07 09:15 - 00000000 ____D C:\Users\Down\AppData\LocalLow\IObit
2016-03-07 09:15 - 2016-03-07 09:15 - 00000000 ____D C:\Users\Down\AppData\Local\NewSoft
2016-03-07 09:14 - 2016-03-07 09:14 - 00000000 __SHD C:\Users\Down\IntelGraphicsProfiles
2016-03-07 09:14 - 2016-03-07 09:14 - 00000000 ____D C:\Users\Down\AppData\Roaming\ProductData
2016-03-07 09:14 - 2016-03-07 09:14 - 00000000 ____D C:\Users\Down\AppData\Local\VirtualStore
2016-03-07 09:13 - 2016-03-07 09:14 - 00000258 __RSH C:\Users\Down\ntuser.pol
2016-03-07 08:58 - 2016-03-07 09:04 - 00000000 _____ C:\Users\Down\Desktop\Encrypted_FIle_list_all.txt
2016-03-07 08:52 - 2016-03-07 08:52 - 00248714 _____ C:\Users\Down\Downloads\OCF_20131025.zip
2016-03-07 08:46 - 2016-03-07 08:46 - 00000000 ____D C:\Users\Down\AppData\Roaming\Key Metric Software
2016-03-07 08:38 - 2016-03-07 09:15 - 00000000 ____D C:\Users\Down\AppData\Roaming\IObit
2016-03-07 08:38 - 2016-03-07 08:38 - 00000000 _____ C:\Users\Down\Desktop\Encrypted-Files.txt
2016-03-07 08:05 - 2016-03-07 08:06 - 00002552 _____ C:\Users\Down\Desktop\Rkill.txt
2016-03-07 08:05 - 2016-03-07 08:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Down\Downloads\rkill.exe
2016-03-07 07:54 - 2016-03-07 07:54 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Down\Downloads\ListCWall.exe
2016-03-07 07:34 - 2016-03-07 08:10 - 00000000 ____D C:\Users\Down\AppData\Local\Google
2016-03-07 07:34 - 2016-03-07 07:34 - 00000000 ____D C:\Users\Down\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-03-07 07:22 - 2016-03-07 09:15 - 00001416 _____ C:\Users\Down\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-07 07:22 - 2016-03-07 09:14 - 00000000 ____D C:\Users\Down
2016-03-07 07:22 - 2016-03-07 07:22 - 00000000 _SHDL C:\Users\Down\My Documents
2016-03-07 07:22 - 2016-03-07 07:22 - 00000000 _SHDL C:\Users\Down\Documents\My Videos
2016-03-07 07:22 - 2016-03-07 07:22 - 00000000 _SHDL C:\Users\Down\Documents\My Pictures
2016-03-07 07:22 - 2016-03-07 07:22 - 00000000 _SHDL C:\Users\Down\Documents\My Music
2016-03-07 07:22 - 2014-04-25 02:12 - 00000000 ____D C:\Users\Down\AppData\Local\Microsoft Help
2016-03-07 07:22 - 2013-08-29 03:34 - 00001518 _____ C:\Users\Down\Desktop\PowerSpec Support.lnk
2016-03-07 07:22 - 2013-08-29 02:42 - 00002103 _____ C:\Users\Down\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2016-03-07 07:22 - 2010-11-20 20:50 - 00000020 ___SH C:\Users\Down\ntuser.ini
2016-03-07 05:38 - 2016-03-07 05:52 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-07 05:38 - 2016-03-07 05:38 - 00001864 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-03-07 05:38 - 2016-03-07 05:38 - 00001864 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2016-03-07 05:38 - 2016-03-07 05:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-03-07 05:38 - 2016-03-07 05:38 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-07 05:37 - 2016-03-07 05:37 - 11441744 _____ (SurfRight B.V.) C:\Users\Onion\Desktop\HitmanPro_x64.exe
2016-03-07 04:57 - 2016-03-07 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-03-07 04:57 - 2016-03-07 04:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-03-07 04:57 - 2016-03-07 04:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-03-07 04:56 - 2016-03-07 04:56 - 01856936 _____ (Malwarebytes ) C:\Users\Onion\Desktop\mbae-setup-1.08.1.1189.exe
2016-03-07 04:04 - 2016-03-07 04:04 - 00000252 _____ C:\Windows\Tasks\Driver Booster SkipUAC (Onion).job
2016-03-07 03:59 - 2016-03-07 04:00 - 00078322 _____ C:\cc_20160307_035926.reg
2016-03-07 03:57 - 2016-03-07 03:57 - 00000789 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-07 03:57 - 2016-03-07 03:57 - 00000789 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-03-07 03:57 - 2016-03-07 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-07 03:57 - 2016-03-07 03:57 - 00000000 ____D C:\Program Files\CCleaner
2016-03-07 03:56 - 2016-03-07 03:56 - 06837784 _____ (Piriform Ltd) C:\Users\Onion\Desktop\ccsetup515.exe
2016-03-07 03:21 - 2016-03-07 03:21 - 00001216 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2016-03-07 03:21 - 2016-03-07 03:21 - 00001216 _____ C:\ProgramData\Desktop\IObit Malware Fighter.lnk
2016-03-07 03:21 - 2016-03-07 03:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2016-03-07 03:20 - 2016-03-07 03:20 - 41445968 _____ (IObit ) C:\Users\Onion\Desktop\imfv4-setup.exe
2016-03-07 03:20 - 2016-03-07 03:20 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-03-07 03:05 - 2016-03-07 03:05 - 00199240 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-03-06 23:38 - 2016-03-06 23:38 - 00028980 _____ C:\03-6-16.txt
2016-03-06 23:12 - 2016-03-06 23:12 - 00000020 _____ C:\Windows\Àø(
2016-03-06 21:58 - 2016-03-06 21:58 - 00001145 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-06 21:58 - 2016-03-06 21:58 - 00001145 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-06 21:57 - 2016-03-06 21:57 - 22908888 ____R (Malwarebytes ) C:\Users\Onion\Desktop\mbam-setup-2.2.0.1024.exe
2016-03-05 22:15 - 2016-03-05 22:15 - 00297678 ____R C:\Users\Onion\Desktop\12-en-REV_AdQ_22_062015.pdf
2016-03-05 22:01 - 2016-03-05 22:01 - 00041992 ____R C:\Users\Onion\Desktop\Settings_RT-N66W03-05-16.CFG
2016-03-05 22:00 - 2016-03-05 22:00 - 00043016 ____R C:\Users\Onion\Downloads\B97C.tmp
2016-03-03 01:29 - 2016-03-03 01:29 - 00536087 ____R C:\Users\Onion\Desktop\ABA-SAT-057_DRAW.PDF.PDF
2016-03-02 18:56 - 2016-03-02 18:56 - 00139813 ____R C:\Users\Onion\Desktop\wELLSfARGO.pdf
2016-03-02 16:37 - 2016-03-02 16:37 - 72203792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-03-02 16:37 - 2016-03-02 16:37 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 13120760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 12986520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 10521552 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 05776688 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 05338936 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 05289952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 04705536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-03-02 16:37 - 2016-03-02 16:37 - 04486133 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-03-02 16:37 - 2016-03-02 16:37 - 03299832 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 03282032 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 03195648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 03152591 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2016-03-02 16:37 - 2016-03-02 16:37 - 03052880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-03-02 16:37 - 2016-03-02 16:37 - 02823280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 02437144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 02190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 02110600 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 02030208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01928632 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01601952 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01421104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01356512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01286152 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01211840 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01186168 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01008360 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00998032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00952984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00933640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00923752 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00888472 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00873472 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00716112 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00596120 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00448592 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00369304 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00340648 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00258504 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00224264 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00192992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00172584 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-03-02 16:37 - 2016-03-02 16:37 - 00023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-03-02 14:06 - 2016-03-02 14:06 - 00480520 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2016-03-02 14:06 - 2016-03-02 14:06 - 00179456 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2016-03-02 14:04 - 2016-03-02 14:04 - 01462720 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2016-03-02 14:04 - 2016-03-02 14:04 - 00031144 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2016-03-02 12:58 - 2016-03-02 12:58 - 24929600 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 17888008 _____ C:\Windows\system32\igd11dxva64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 15984640 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 09533440 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 09483192 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 06725162 _____ C:\Windows\system32\igdclbif.bin
2016-03-02 12:58 - 2016-03-02 12:58 - 06194432 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 04924304 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-03-02 12:58 - 2016-03-02 12:58 - 03597824 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 01480128 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 01402336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 01370624 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 01039976 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 01036392 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 00609280 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00448104 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 00425472 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00371712 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00339048 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 00338536 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 00282696 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00256000 _____ C:\Windows\system32\igfxCPL.cpl
2016-03-02 12:58 - 2016-03-02 12:58 - 00220432 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00219648 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00218728 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 00209408 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00208048 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00192000 _____ C:\Windows\system32\igdde64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00188928 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4332.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00174080 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00156264 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-03-02 12:58 - 2016-03-02 12:58 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00086528 _____ C:\Windows\system32\igfxCUIServicePS.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00073728 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00060928 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00011264 _____ ( ) C:\Windows\system32\igfxDILib.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2016-03-02 12:58 - 2016-03-02 12:58 - 00004052 _____ C:\Windows\system32\iglhxs64.vp
2016-03-02 09:06 - 2016-03-02 09:06 - 04161536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-03-01 23:07 - 2016-03-01 23:07 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-01 23:07 - 2016-03-01 23:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-01 23:07 - 2016-03-01 23:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-01 23:07 - 2016-03-01 23:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-01 23:07 - 2016-03-01 23:07 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-01 23:00 - 2016-03-01 23:00 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-01 23:00 - 2016-03-01 23:00 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-03-01 23:00 - 2016-03-01 23:00 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-03-01 23:00 - 2016-03-01 23:00 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-03-01 23:00 - 2016-03-01 23:00 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-03-01 23:00 - 2016-03-01 23:00 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-03-01 23:00 - 2016-03-01 23:00 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-03-01 22:59 - 2016-03-01 22:59 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-03-01 18:54 - 2016-03-01 18:54 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-03-01 18:54 - 2016-03-01 18:54 - 00404184 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2016-03-01 18:54 - 2016-03-01 18:54 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2016-03-01 18:54 - 2016-03-01 18:54 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-03-01 13:34 - 2016-03-01 13:34 - 00167531 ____R C:\Users\Onion\Desktop\Ch. 4 Study Guide.pdf
2016-02-29 09:19 - 2016-02-29 09:19 - 00021802 ____R C:\Users\Onion\Desktop\TeacherPlacement.pdf
2016-02-29 09:11 - 2016-02-29 09:11 - 00000000 ____D C:\Users\Onion\Documents\Outlook Files
2016-02-28 23:27 - 2016-02-28 23:27 - 00000000 ____D C:\Users\Gust\AppData\Local\Macromedia
2016-02-28 23:12 - 2016-02-28 23:12 - 00000000 ____D C:\Users\Gust\AppData\Roaming\Mozilla
2016-02-28 23:12 - 2016-02-28 23:12 - 00000000 ____D C:\Users\Gust\AppData\Local\Mozilla
2016-02-28 11:02 - 2016-02-28 11:01 - 00093880 ____R C:\Users\Onion\Desktop\SixFlagsTickets.pdf
2016-02-27 01:16 - 2016-02-27 01:16 - 00000000 ____D C:\Windows\appcompat
2016-02-26 16:50 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-02-26 16:50 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-02-26 16:50 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-02-26 16:50 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-02-26 16:50 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-02-26 16:50 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-02-26 16:50 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-02-26 16:50 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-02-26 16:50 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-02-26 16:50 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-02-26 16:38 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-26 16:38 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-26 16:38 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-26 16:38 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-26 16:38 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-26 16:38 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-26 16:38 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-26 16:38 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-26 16:38 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-26 16:38 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-26 16:38 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-26 16:38 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-26 16:38 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-26 16:38 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-26 16:38 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-26 16:38 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-26 16:38 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-26 16:38 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-26 16:38 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-26 16:38 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-26 16:38 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-26 16:38 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-26 16:37 - 2015-12-16 12:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-26 16:37 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-26 16:37 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-26 16:37 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-26 16:37 - 2015-12-16 12:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-26 16:37 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-26 16:37 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-26 16:37 - 2015-12-16 12:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-02-24 09:59 - 2016-03-04 19:07 - 00000000 ____D C:\Users\Sara\AppData\Roaming\.oit
2016-02-24 09:59 - 2016-02-24 09:59 - 00000000 ____D C:\Users\Sara\Documents\My PageManager
2016-02-24 09:59 - 2016-02-24 09:59 - 00000000 ____D C:\Users\Sara\AppData\Local\NewSoft
2016-02-23 15:14 - 2016-02-23 15:14 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-23 15:13 - 2016-02-23 15:13 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-23 15:13 - 2016-02-23 15:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-23 15:12 - 2016-02-23 15:12 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-23 15:12 - 2016-02-23 15:12 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-23 15:12 - 2016-02-23 15:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-23 15:12 - 2016-02-23 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-23 15:12 - 2016-02-23 15:12 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-23 15:12 - 2016-02-23 15:12 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-23 15:12 - 2016-02-23 15:12 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-23 15:12 - 2016-02-23 15:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-23 15:07 - 2016-02-23 15:07 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-23 15:04 - 2016-02-23 15:04 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-23 15:04 - 2016-02-23 15:04 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-23 14:57 - 2016-02-23 14:57 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-23 14:57 - 2016-02-23 14:57 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-23 14:57 - 2016-02-23 14:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-23 14:57 - 2016-02-23 14:57 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-23 14:57 - 2016-02-23 14:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-23 14:57 - 2016-02-23 14:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-23 14:57 - 2016-02-23 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-23 14:55 - 2016-02-23 14:55 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-23 14:55 - 2016-02-23 14:55 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-23 14:55 - 2016-02-23 14:55 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-23 14:55 - 2016-02-23 14:55 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-23 14:55 - 2016-02-23 14:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-23 14:51 - 2016-02-23 14:51 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-22 09:15 - 2016-02-22 09:15 - 00000000 ____D C:\Users\Gust\AppData\Roaming\TaxCut
2016-02-20 23:23 - 2016-02-28 11:02 - 00000000 ____D C:\Users\Onion\Documents\BibleStudy
2016-02-20 16:52 - 2016-02-20 16:52 - 00000000 ____D C:\Users\Onion\AppData\Roaming\BatchPdfMerger
2016-02-20 16:44 - 2016-02-20 16:44 - 00000000 ____R C:\Users\Onion\Documents\magick-KyfOFUvy
2016-02-20 16:44 - 2016-02-20 16:44 - 00000000 ____R C:\Users\Onion\Documents\magick-9DNoc5nD
2016-02-20 16:27 - 2016-02-20 16:27 - 00288397 ____R C:\Users\Onion\Downloads\12-en-REV_AdQ_20_062015.pdf
2016-02-20 14:21 - 2016-02-20 14:22 - 00231760 ____R C:\Users\Onion\Downloads\CrucialScan(1).exe
2016-02-19 09:43 - 2016-02-19 09:43 - 00231760 ____R C:\Users\Onion\Downloads\CrucialScan (1).exe
2016-02-18 23:53 - 2016-02-18 23:53 - 00000000 ____D C:\Users\Onion\AppData\Roaming\MysticCoder
2016-02-18 23:53 - 2016-02-18 23:53 - 00000000 ____D C:\Program Files (x86)\gs
2016-02-18 23:49 - 2016-02-18 23:50 - 20434288 ____R (MysticCoder) C:\Users\Onion\Downloads\MysticThumbs408.exe
2016-02-18 23:39 - 2016-02-20 18:10 - 05167104 ____R C:\Users\Onion\AppData\Local\SageThumbs.db3
2016-02-18 23:33 - 2016-02-18 23:33 - 02228364 ____R (Cherubic Software) C:\Users\Onion\Downloads\sagethumbs_2.0.0.22_setup.exe
2016-02-16 21:16 - 2016-02-16 21:16 - 00000000 ____D C:\Users\Onion\AppData\Local\CEF
2016-02-16 13:51 - 2016-02-22 18:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 13:51 - 2016-02-16 13:51 - 00002086 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-16 13:51 - 2016-02-16 13:51 - 00002086 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2016-02-16 13:51 - 2016-02-16 13:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-16 13:48 - 2016-02-16 13:48 - 00000000 ____D C:\Users\Onion\AppData\Roaming\NewSoft
2016-02-15 22:15 - 2016-02-15 22:15 - 00000000 ____D C:\Users\Onion\ScannedDocuments
2016-02-12 11:38 - 2016-02-12 11:38 - 00000000 ____D C:\Users\Onion\Intel
2016-02-12 11:33 - 2016-02-12 11:33 - 00000662 ____R C:\Users\Onion\Documents\CompatibilityReport.txt
2016-02-12 01:10 - 2016-02-12 01:10 - 00000000 ____D C:\Users\Onion\Downloads\win10fix_full
2016-02-12 01:09 - 2016-02-12 01:09 - 00002446 ____R C:\Users\Onion\Downloads\win10fix_full.zip
2016-02-12 01:00 - 2016-02-12 01:00 - 07635472 ____R (Microsoft Corporation) C:\Users\Onion\Downloads\GetWindows10-Web_Default_Attr.exe
2016-02-11 15:15 - 2016-02-11 15:16 - 00231760 ____R C:\Users\Onion\Downloads\CrucialScan.exe
2016-02-11 14:32 - 2016-02-11 14:32 - 00001539 ____R C:\Users\Onion\Desktop\Lazesoft Disk Image & Clone Home Edition.lnk
2016-02-11 14:32 - 2016-02-11 14:32 - 00000000 ____D C:\Users\Onion\AppData\Local\CrashRpt
2016-02-11 14:32 - 2016-02-11 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Disk Image & Clone
2016-02-11 14:31 - 2016-02-11 15:40 - 00000000 ____D C:\Program Files (x86)\Lazesoft Disk Image & Clone
2016-02-11 14:31 - 2016-02-11 14:31 - 31520768 ____R (Lazesoft ) C:\Users\Onion\Downloads\lsdichsetup.exe
2016-02-11 14:31 - 2016-02-11 14:31 - 00001447 _____ C:\Users\Public\Desktop\Lazesoft Recovery Suite Home Edition.lnk
2016-02-11 14:31 - 2016-02-11 14:31 - 00001447 _____ C:\ProgramData\Desktop\Lazesoft Recovery Suite Home Edition.lnk
2016-02-11 14:31 - 2016-02-11 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Recovery Suite
2016-02-11 14:31 - 2016-02-11 14:31 - 00000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite
2016-02-11 12:23 - 2016-02-11 12:23 - 00002072 _____ C:\Users\Public\Desktop\H&R Block 2015.lnk
2016-02-11 12:23 - 2016-02-11 12:23 - 00002072 _____ C:\ProgramData\Desktop\H&R Block 2015.lnk
2016-02-11 11:54 - 2016-02-22 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2015
2016-02-11 11:54 - 2016-02-11 11:54 - 00000000 ____D C:\Program Files (x86)\HRBlock2015
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 08:16 - 2009-07-13 22:45 - 00016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-09 08:16 - 2009-07-13 22:45 - 00016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-09 06:16 - 2014-06-14 14:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2016-03-09 06:16 - 2014-04-07 00:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-09 06:13 - 2014-12-23 18:14 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-09 06:11 - 2014-04-07 00:38 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-09 06:10 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-09 06:02 - 2014-04-11 14:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-09 06:00 - 2015-04-09 23:40 - 00000000 ____D C:\Program Files\Webroot
2016-03-09 05:59 - 2015-04-09 23:41 - 00000000 ____D C:\Users\Onion\AppData\Local\lptmp603563100
2016-03-09 05:59 - 2015-04-09 23:39 - 00000000 ____D C:\ProgramData\WRData
2016-03-09 05:40 - 2009-07-13 23:13 - 00788876 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-09 05:35 - 2015-04-25 12:39 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 05:34 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-09 05:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-03-09 05:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-03-09 05:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-09 05:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-03-09 05:24 - 2014-04-06 22:48 - 00000632 __RSH C:\Users\Onion\ntuser.pol
2016-03-09 05:24 - 2014-04-06 21:47 - 00000000 ____D C:\Users\Onion
2016-03-09 04:32 - 2015-09-21 14:18 - 44204032 _____ C:\Windows\system32\config\components.iodefrag.bak
2016-03-09 04:32 - 2015-08-28 13:27 - 101380096 _____ C:\Windows\system32\config\software.iodefrag.bak
2016-03-09 04:32 - 2015-08-28 13:27 - 01810432 _____ C:\Windows\system32\config\default.iodefrag.bak
2016-03-09 04:32 - 2015-08-28 13:27 - 00286720 _____ C:\Windows\system32\config\sam.iodefrag.bak
2016-03-09 04:32 - 2015-08-28 13:27 - 00032768 _____ C:\Windows\system32\config\security.iodefrag.bak
2016-03-09 03:44 - 2015-12-06 17:12 - 00002299 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-03-09 03:44 - 2015-12-06 17:12 - 00002299 _____ C:\ProgramData\Desktop\Advanced SystemCare 9.lnk
2016-03-09 03:33 - 2014-04-09 20:18 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 02:52 - 2014-04-09 20:18 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-08 17:57 - 2009-07-13 23:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-08 15:32 - 2015-04-25 12:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-08 15:13 - 2015-04-25 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-07 14:23 - 2016-02-04 15:16 - 00000000 ____D C:\Users\Onion\AppData\Roaming\.oit
2016-03-07 14:21 - 2014-04-06 23:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-07 14:21 - 2014-04-06 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-07 13:55 - 2009-07-13 20:34 - 00000513 _____ C:\Windows\win.ini
2016-03-07 13:54 - 2014-04-06 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-07 12:50 - 2015-12-15 10:52 - 00002906 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Onion
2016-03-07 12:22 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-07 11:59 - 2013-08-23 05:30 - 00000000 ____D C:\Windows\Panther
2016-03-07 09:08 - 2015-04-25 13:47 - 00000000 ____D C:\ProgramData\ProductData
2016-03-07 09:07 - 2009-07-13 21:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-03-07 07:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\schemas
2016-03-07 03:44 - 2016-02-04 15:16 - 00000000 ____D C:\Users\Onion\Documents\My PageManager
2016-03-07 03:27 - 2015-04-26 17:41 - 00002876 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Onion)
2016-03-07 03:20 - 2015-04-25 13:47 - 00000000 ____D C:\ProgramData\IObit
2016-03-07 01:19 - 2015-04-26 20:13 - 00000000 __SHD C:\Users\Onion\IntelGraphicsProfiles
2016-03-06 23:13 - 2015-08-08 15:44 - 00001344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-03-06 23:12 - 2013-08-29 02:47 - 00001413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-03-06 23:10 - 2013-08-29 02:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-03-06 23:09 - 2015-07-07 15:49 - 01114624 __RSH C:\Users\Onion\Desktop\Thumbs.db
2016-03-06 22:36 - 2015-05-29 15:02 - 00230400 __RSH C:\Users\Onion\Downloads\Thumbs.db
2016-03-06 21:58 - 2015-04-25 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-06 21:24 - 2014-04-10 14:58 - 00000000 ____D C:\Users\Sara
2016-03-04 19:07 - 2015-05-05 16:49 - 00000000 __SHD C:\Users\Sara\IntelGraphicsProfiles
2016-03-02 17:47 - 2015-05-13 06:21 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-03-02 16:38 - 2015-08-12 15:16 - 00000000 ____D C:\Windows\system32\DAX2
2016-03-02 12:58 - 2015-04-26 19:03 - 02039808 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-03-02 12:58 - 2015-04-26 19:03 - 00699392 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-03-02 12:58 - 2015-04-26 19:03 - 00344168 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-03-02 12:58 - 2015-04-26 19:03 - 00313448 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-03-02 12:58 - 2015-04-26 19:03 - 00288256 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-03-02 12:58 - 2015-04-26 19:03 - 00248424 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-03-02 12:58 - 2013-08-28 04:30 - 00382056 _____ C:\Windows\system32\igfxTray.exe
2016-03-02 12:58 - 2013-08-23 05:16 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-03-02 11:50 - 2015-12-22 14:57 - 00000000 ____D C:\Users\Onion\Desktop\Old Firefox Data
2016-03-02 09:56 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-03-02 09:15 - 2014-04-13 12:35 - 00000000 ____D C:\Users\Gust
2016-03-01 18:54 - 2013-08-23 05:08 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-03-01 12:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-29 09:19 - 2014-04-20 22:54 - 00000000 ____D C:\Users\Onion\AppData\Local\CutePDF Writer
2016-02-28 21:58 - 2014-04-25 16:16 - 00000000 ____D C:\Users\Gust\AppData\Local\Microsoft Help
2016-02-28 18:47 - 2016-02-07 10:24 - 00000000 ____D C:\Users\Gust\AppData\Roaming\.oit
2016-02-28 18:47 - 2015-04-27 17:58 - 00000000 __SHD C:\Users\Gust\IntelGraphicsProfiles
2016-02-27 01:26 - 2014-06-16 14:59 - 00000000 ____D C:\Users\Onion\Desktop\Donations
2016-02-27 00:55 - 2015-05-02 13:09 - 00000000 ____D C:\Users\Onion\Desktop\FB
2016-02-27 00:08 - 2009-07-13 22:45 - 05277832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-26 23:42 - 2015-04-15 03:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-26 23:42 - 2015-04-05 02:05 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-02-26 23:42 - 2015-04-05 02:04 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 23:42 - 2014-05-06 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-26 23:34 - 2015-05-29 15:01 - 00003172 _____ C:\Windows\System32\Tasks\{848C81C3-272E-4F19-B280-4EED79CCB691}
2016-02-26 23:34 - 2014-10-15 22:40 - 00003034 _____ C:\Windows\System32\Tasks\{9E21800A-CB78-42BD-BBE0-D01097F28ACD}
2016-02-26 23:34 - 2014-06-09 12:03 - 00003126 _____ C:\Windows\System32\Tasks\{3C3782F1-AC00-4736-9944-611E4B69085C}
2016-02-26 23:34 - 2014-05-01 16:18 - 00003172 _____ C:\Windows\System32\Tasks\{368FC7C3-15FD-44EE-8F4A-2AAF58A3C337}
2016-02-26 23:34 - 2014-04-25 12:54 - 00003150 _____ C:\Windows\System32\Tasks\{A748C729-2988-4895-A47C-B07DACE51CA7}
2016-02-26 23:01 - 2014-04-07 00:30 - 00000000 ____D C:\Users\Onion\Documents\Quicken
2016-02-26 19:10 - 2016-02-07 08:01 - 00000000 ____D C:\Users\BigD\AppData\Roaming\.oit
2016-02-26 19:10 - 2015-05-01 09:46 - 00000000 __SHD C:\Users\BigD\IntelGraphicsProfiles
2016-02-23 13:34 - 2015-01-09 13:32 - 00000000 ____D C:\Program Files (x86)\Send Anywhere
2016-02-22 10:10 - 2015-06-30 08:11 - 00001205 _____ C:\Users\Public\Desktop\Send Anywhere.lnk
2016-02-22 10:10 - 2015-06-30 08:11 - 00001205 _____ C:\ProgramData\Desktop\Send Anywhere.lnk
2016-02-22 10:10 - 2015-01-09 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Send Anywhere
2016-02-22 10:05 - 2015-10-15 11:33 - 00000000 ____D C:\Users\Onion\Documents\Banking
2016-02-20 23:28 - 2015-12-22 12:03 - 00122880 __RSH C:\Users\Onion\Documents\Thumbs.db
2016-02-20 23:26 - 2016-02-04 09:51 - 00000000 ____D C:\Users\Onion\Downloads\BibleStudy
2016-02-20 23:26 - 2014-04-07 18:40 - 00000000 ___RD C:\Users\Onion\Dropbox
2016-02-18 23:53 - 2014-04-07 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-02-18 23:51 - 2014-04-07 05:20 - 00000000 ____D C:\Users\Onion\AppData\Local\Adobe
2016-02-18 14:21 - 2014-04-07 10:58 - 00000000 ____D C:\Users\Onion\AppData\Local\ElevatedDiagnostics
2016-02-16 13:51 - 2013-08-23 04:36 - 00000000 ____D C:\ProgramData\Adobe
2016-02-16 12:45 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-15 22:20 - 2014-04-07 16:49 - 00000000 ___RD C:\Users\Onion\Documents\Scanned Documents
2016-02-12 02:47 - 2014-10-21 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 12:49 - 2015-03-06 13:17 - 00000000 ____D C:\Users\Onion\Documents\HRBlock
2016-02-11 12:24 - 2015-03-06 13:19 - 00000000 ____D C:\Users\Onion\AppData\Roaming\TaxCut
2016-02-11 11:54 - 2015-03-06 13:17 - 00000000 ____D C:\Program Files (x86)\PDF995
2016-02-11 11:49 - 2015-03-06 13:15 - 00000000 ____D C:\ProgramData\TaxCut
 
==================== Files in the root of some directories =======
 
2015-07-26 23:34 - 2015-08-12 01:56 - 0001456 ____R () C:\Users\Onion\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-04-29 15:29 - 2014-04-29 15:29 - 0003584 ____R () C:\Users\Onion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-28 15:18 - 2015-08-28 15:18 - 0003234 ____R () C:\Users\Onion\AppData\Local\recently-used.xbel
2014-07-09 21:06 - 2015-12-20 23:08 - 0007614 ____R () C:\Users\Onion\AppData\Local\Resmon.ResmonCfg
2016-02-18 23:39 - 2016-02-20 18:10 - 5167104 ____R () C:\Users\Onion\AppData\Local\SageThumbs.db3
2015-05-13 03:10 - 2015-05-13 03:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-14 17:47 - 2015-04-14 17:48 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-07-26 13:28 - 2015-09-21 07:50 - 2095618 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt
 
Files to move or delete:
====================
C:\Users\Onion\PM_Platinum_6.0.6_update.exe
 
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\iv_uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 00:30
 
==================== End of FRST.txt ============================

 

 

 



#2 nasdaq

  • Malware Response Team

Posted 10 March 2016 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program via the Control Panel > Programs and Features applet.
Extended Update (HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Digital Sites) (Version: - Extended Update) <==== ATTENTION

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
IFEO\Memeo.Helper.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoDashboard.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoLauncher.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoUpdater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SeagateDashboardService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1017\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1016\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1015\User: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1014\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M1DA442E4-8B03-4868-8AF3-0F84E3D6FCFB&SearchSource=55&CUI=&UM=5&UP=SP9A8A6418-E099-41EC-B663-2D8FE173582D&SSPV=
CHR StartupUrls: Default -> "hxxp://gmail.com/","hxxp://www.facebook.com/","hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=MEB5CEFA7-EC07-430F-BF1A-5A792952324F&SearchSource=55&CUI=&UM=8&UP=SP46C28545-6113-4B66-9930-70595583335D&SSPV=","hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-09]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>
S1 HWiNFO32; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
CustomCLSID: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1C19EA82-9A98-3F85-C1B4-0F4F8A7182F24}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000_Classes\CLSID\{1C19EA82-9A98-3F85-C1B4-0F4F8A7182F24}\InprocServer32 -> no filepath
R0 WRkrn; System32\drivers\WRkrn.sys [X]
Extended Update (HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Digital Sites) (Version: - Extended Update) <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)


Please let me know what problem persists with this computer.

p.s.
To answer your question.

This is the infection - CryptoWall and HELP_DECRYPT Ransomware Information Guide
Read about it.
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

am I safe, and are the photos and documents on the drives that do not show any encryption safe?

In the article have a look at this section.
How to use the CryptoPrevent Tool:
It may be to your advantage to install this protection before you start restoring your files.

Edited by nasdaq, 10 March 2016 - 01:10 PM.


#3 Shock2DC

  • Topic Starter

Posted 10 March 2016 - 10:03 AM

I am a little confused as to how to find the program you are saying to remove.  I opened the remove panel but cannot find it by the numbers you referenced. When I do a file search, I am not certain what name to search for.



#4 nasdaq

  • Malware Response Team

Posted 10 March 2016 - 01:10 PM

Just forget about it for now.

Continue with the fix.

#5 Shock2DC

  • Topic Starter

Posted 10 March 2016 - 01:55 PM

It hung the first time on the local data for JMan, so I rebooted into safe mode and ran it.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Onion (2016-03-10 12:40:22) Run:2
Running from C:\Users\Onion\Desktop
Loaded Profiles: Onion (Available Profiles: Onion & Gust & JMan & BigD & Gusty & Down & Administrator & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
IFEO\Memeo.Helper.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoDashboard.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoLauncher.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\MemeoUpdater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SeagateDashboardService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1017\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1016\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1015\User: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1014\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M1DA442E4-8B03-4868-8AF3-0F84E3D6FCFB&SearchSource=55&CUI=&UM=5&UP=SP9A8A6418-E099-41EC-B663-2D8FE173582D&SSPV=
CHR StartupUrls: Default -> "hxxp://gmail.com/","hxxp://www.facebook.com/","hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=MEB5CEFA7-EC07-430F-BF1A-5A792952324F&SearchSource=55&CUI=&UM=8&UP=SP46C28545-6113-4B66-9930-70595583335D&SSPV=","hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Onion\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-09]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>
S1 HWiNFO32; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
CustomCLSID: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1C19EA82-9A98-3F85-C1B4-0F4F8A7182F24}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1508894382-1957078712-2432733024-1000_Classes\CLSID\{1C19EA82-9A98-3F85-C1B4-0F4F8A7182F24}\InprocServer32 -> no filepath
R0 WRkrn; System32\drivers\WRkrn.sys [X]
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Memeo.Helper.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MemeoDashboard.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MemeoLauncher.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MemeoUpdater.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SeagateDashboardService.exe => key not found. 
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1017\User" => not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1016\User" => not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1015\User" => not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1508894382-1957078712-2432733024-1014\User" => not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1508894382-1957078712-2432733024-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found. 
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found. 
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Onion\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found. 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => key not found. 
HWiNFO32 => service not found.
SR => service not found.
srservice => service not found.
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1C19EA82-9A98-3F85-C1B4-0F4F8A7182F24} => key not found. 
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000_Classes\CLSID\{1C19EA82-9A98-3F85-C1B4-0F4F8A7182F24} => key not found. 
WRkrn => service not found.
HKU\.DEFAULT\Software\Classes\.exe => key not found. 
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
HKU\S-1-5-19\Software\Classes\.exe => key not found. 
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\.exe => key not found. 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\exefile => key not found. 
HKU\S-1-5-20\Software\Classes\.exe => key not found. 
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\.exe => key not found. 
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\exefile => key not found. 
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Classes\.exe => key not found. 
HKU\S-1-5-21-1508894382-1957078712-2432733024-1000\Software\Classes\exefile => key not found. 
EmptyTemp: => 1.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:41:27 ====


#6 nasdaq


Posted 10 March 2016 - 02:02 PM

Any remaining issues?

#7 Shock2DC


Posted 10 March 2016 - 02:21 PM

I cannot get Java to download, even with the antivirus temporarily disabled.  I cannot open several of my programs.  They flash the splash screen and then close right away.  I wouldn't have a problem going to a backup, but I am not sure when the malware got on the computer and if the backup is clean since it was attached to the computer at the time of the encryption, even though the scan shows that there are no encrypted files on the backup drive.



#8 nasdaq


Posted 11 March 2016 - 08:25 AM

We may be dealing with a new version of this infection.

Do you remember what the extensions of the files you deleted were?
It may help in finding out what we are dealing with.
---

Your System Restore is disabled. Before you proceed with this scan, make sure it's enabled.
Turn System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7


Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    .. 02.01 File Permissions C:\
    .. 02.02 File Permissions D:\
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    15 - Repair Proxy Settings
    16 - Unhide Non System Files (2)
    .. 16.01 Unhide C:\
    .. 16.02 Unhide D:\
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    23 - Repair File Associations (12)
    .. 23.06 - Repair exe Associations
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?


#9 Shock2DC


Posted 11 March 2016 - 03:56 PM

No, I do not remember what the file names were.  I found them in a user profile and the antivirus deleted them.  Would there be a log for that?
 
This is my windows repair log.  If there were errors, it did not show up, so I found this for you.  Not sure if this is what you need.
 
My profile is the one having issues.  I have created another one and am having some luck opening some files, but not all.  Could it have corrupted my profile and some of my programs?  I don't mind reinstalling, if that is what it takes, but I would like for my computer to be clean again.
 
 
Tweaking.com - Windows Repair v3.8.4
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: Onion
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Down
Current Profile SID: S-1-5-21-1508894382-1957078712-2432733024-1019
Current Profile Classes: S-1-5-21-1508894382-1957078712-2432733024-1019_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Down\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:07:32
 
Process Count: 28
Commit Total: 1.43 GB
Commit Limit: 89.07 GB
Commit Peak: 1.52 GB
Handle Count: 7624
Kernel Total: 306.12 MB
Kernel Paged: 212.89 MB
Kernel Non Paged: 93.23 MB
System Cache: 717.97 MB
Thread Count: 371
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.83 GB
Memory Used: 1.46 GB(9.2427%)
Memory Avail.: 14.37 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.83 GB
Memory Used: 1.32 GB(8.3401%)
Memory Avail.: 14.51 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (3/11/2016 1:26:12 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 141
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (3/11/2016 1:26:15 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done,  0.17 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
Done,  1.28 seconds.
 
   Running Repair Under System Account
   Done (3/11/2016 1:31:49 PM)
 
Reset File Permissions: C:
   C: & Sub Folders
   Start (3/11/2016 1:31:49 PM)
 
   Running Repair Under Current User Account
   Done (3/11/2016 1:47:16 PM)
 
Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (3/11/2016 1:47:16 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\default.7z
Done,  0.13 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\profile.7z
Done,  0.14 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files.7z
Done,  0.13 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files_x86.7z
Done,  0.13 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\programdata.7z
Done,  0.11 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\windows.7z
Done,  1.06 seconds.
 
   Running Repair Under Current User Account
   Done (3/11/2016 1:50:07 PM)
 
Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (3/11/2016 1:50:07 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:50:10 PM)
 
03 - Reset Service Permissions
   Start (3/11/2016 1:50:10 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:51:21 PM)
 
04 - Register System Files
   Start (3/11/2016 1:51:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:51:50 PM)
 
05 - Repair WMI
   Start (3/11/2016 1:51:50 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   IObit Malware Fighter Exported.
   avast! Antivirus Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
   IObit Malware Fighter Exported.
   avast! Antivirus Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (3/11/2016 1:54:41 PM)
 
10 - Remove Policies Set By Infections
   Start (3/11/2016 1:54:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:54:45 PM)
 
15 - Repair Proxy Settings
   Start (3/11/2016 1:54:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:54:47 PM)
 
Unhide Non System Files
   Start (3/11/2016 1:54:47 PM)
   C:\ - Total Files Unhidden: 1349 out of 679155 searched. - Check Unhidden_Files.txt for list of files unhidden
   Done (3/11/2016 1:55:00 PM)
 
17 - Repair Windows Updates
   Start (3/11/2016 1:55:00 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (3/11/2016 1:55:25 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (3/11/2016 1:55:25 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.13 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:55:47 PM)
 
21 - Repair MSI (Windows Installer)
   Start (3/11/2016 1:55:47 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.13 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:56:01 PM)
 
23.06 - Repair exe Association
   Start (3/11/2016 1:56:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:56:03 PM)
 
27 - Set Windows Services To Default Startup
   Start (3/11/2016 1:56:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/11/2016 1:56:23 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (3/11/2016 1:56:23 PM)
   Total Repair Time: 00:30:12
 
 
...YOU MUST RESTART YOUR SYSTEM...


#10 nasdaq


Posted 12 March 2016 - 08:33 AM

I found them in a user profile and the antivirus deleted them. Would there be a log for that?


The files should be in the Virus Chest.
https://blog.avast.com/2015/03/19/how-to-use-the-avast-virus-chest/

Do not restore any of them but you may be able to find examples of the filenames.
===

I have created another one and having some luck opening some files, but not all. Could it have corrupted my profile and some of my programs.


The programs could have been corrupted.
Reinstall one of the programs you need.
Open one of the files previously saved. Find out if the file(s) can now be opened.

If not, then the file is corrupted.

If you get any error message trying to open them let me know what it is.

#11 Shock2DC


Posted 13 March 2016 - 07:35 AM

I cannot find it in the log.  I am thinking that I manually searched and deleted it.  It was in a local, non-administrator profile.

 

Reinstalling has helped with much of the software, but my original profile still seems wonky and I still need to reinstall my Quicken if I can find the disk.  Should I remove the IObit stuff?  Is it safe to use the update feature within Avast to update the outdated programs or should I manually go to the websites myself?

 

Is the user profile just corrupted and if so, is it safe to copy my documents to my new user profile (and delete the old) or are they the problem?  I noticed that the user profile that I thought I deleted, that had the Cryptowall hiding in the local app, is still showing up - at least its associated files are.  Are they safe to remove? I thought I had told it to but they are still there.



#12 nasdaq


Posted 13 March 2016 - 08:51 AM

Should I remove the IObit stuff?

 
I would.
IObit programs are not recommended. Advanced SystemCare and others are known to cause system problems and to have stolen material from other computer security companies to use in their own program.
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.
 
Go to Start > Control Panel > Add or Remove Programs and remove the programs from IObit.
===
 

Is it safe to use the update feature within Avast to update the outdated programs

Yes. But I would reinstall the application. Maybe it was compromised also.
 
===
 

Is the user profile just corrupted and if so, is it safe to copy my documents to my new user profile (and delete the old) or are they the problem?

If you have no problems running these files then yes copy them to the new profile.
 
Do not delete any old profile until you have a stable system.


#13 Shock2DC


Posted 13 March 2016 - 09:43 PM

It seems like almost every program is having some kind of blip - so one by one I have been reinstalling.  That seems to get things back to "normal" function for that program.  Thinking that perhaps some of the errors were caused by overzealous removing of cookies and tinkering of settings by antivirus, malware and IObit.  Had three programs looking for malware in succession because there is a lot to lose if I cannot get my computer and drives back safely.  It is frustrating but causing me to rethink what I do and don't want installed and if it's really necessary.  I am running Malware Bytes Anti-Ransom, Malware Bytes Anti-Malware Home, Avast Internet Security and the Avast SafeZone Browser.  I also have hitman pro and ccleaner monitoring, but I keep wondering if it's not doing more harm than good, because I keep having to rekey my passwords for frequently used sites, like my email.  I have Java set on high security.  Had an issue with a visual basic error in Excel when working with macros.  So, that's where I am at right now.

 

I am still reluctant to hook up the drives in case there is an issue in any of them.  Besides disabling auto run, which I have already done, is there a way to sandbox the drive until I know it is safe?  I have Total Commander to scan the drive, but want to make sure that if I plug it in to my computer to assess the damage, I won't be reinfecting it by surveying the carnage. Ultimately, I would like to scrub the backup drives, one by one, and centralize the files onto disks that I switch out for backup and take offline when the backup is done.  Of course, I need to get this mess cleaned up first.  So, what should my next step be?



#14 nasdaq


Posted 14 March 2016 - 07:57 AM

I am running Malware Bytes Anti-Ransom, Malware Bytes Anti-Malware Home, Avast Internet Security and the Avast SafeZone Browser.
 I also have hitman pro and ccleaner monitoring, but I keep wondering if it's not doing more harm than good

 
I suggest you disable all these programs except Avast.
 
===
 

I keep having to rekey my passwords for frequently used sites, like my email.

Is this with all browsers?
How is it now that only Avast is enabled?
 
==
 

I am still reluctant to hook up the drives in case there is an issue in any of them.  Besides disabling auto run, which I have already done, is there a way to sandbox the drive until I know it is safe?

This Cryptowall infection is not a worm.
Whatever damage was done, it does not leave the payload on the system.
Connecting the drive with Auto-run disabled should be no problem.
 
One way to clean everything might be to restore your system and reinstall the applications.
Any chance of doing this?

#15 Shock2DC


Posted 14 March 2016 - 09:36 AM

Cryptowall infected my rescue drive.  That is the one that has all the encrypted pics on it.  I can only assume one of the kids thought it was theirs and used it.  At this point, I have given up trying to figure out how and am working on the immediate stuff.  Right now, they are not allowed on the affected computer or to use thumb drives on any of them.  I know I read that usually Cryptowall deletes itself after it does its damage, but I am still concerned there could be a harmful executable on that drive that would reinfect my computer.  How could I safely check for that?

 

I am eligible for the Windows 10 upgrade.  So, I am considering doing a clean install of windows 10 and just taking the whole drive down to bare bones and rebuilding.  My folks have the same operating system (Windows 7PE) as I have, but not the same computer.  If I just want windows 7PE, which I am used to, can I use their computer to create a clean rescue drive? They are not even connected to the web, so I am extremely doubtful that there are safety issues.  I usually have a rescue disk, but my backups were all connected...  What else would I need? Would I copy the files from the users onto that drive also?  Is there a way to test each file for corruption without me having to open each one?  I don't want to do a clean install and then transfer corrupt files onto it.  Such a mess! 
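
Post #15 asks whether each file can be tested for corruption without opening it. One way to triage a drive, as an added example that is not part of the thread: a read-only Python script that compares each file's first bytes with the signature its extension implies, and uses byte entropy to separate files that look encrypted from files that are merely damaged. The signature table, the 7.0 bits/byte threshold and the sample files (named after the photos in the first post) are assumptions constructed for the example.

```python
"""Triage files by header bytes; nothing is opened in an application or written to the drive."""
import math
import os
import random
import sys
from collections import Counter

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office container (.doc/.xls)
ZIP = b"PK\x03\x04"                          # ZIP, also the container for .docx/.xlsx
SIGNATURES = {                               # assumed table; extend for other formats
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",), ".zip": (ZIP,), ".docx": (ZIP,), ".xlsx": (ZIP,),
    ".doc": (OLE2,), ".xls": (OLE2,),
}
SAMPLE_SIZE = 4096        # bytes read from the start of each file
ENTROPY_THRESHOLD = 7.0   # bits per byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(path: str) -> str:
    """Return ok, likely-encrypted, damaged, empty, unreadable or unchecked."""
    magics = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return "unchecked"            # no known signature for this extension
    try:
        with open(path, "rb") as fh:  # binary read only; content is never parsed or run
            head = fh.read(SAMPLE_SIZE)
    except OSError:
        return "unreadable"
    if not head:
        return "empty"
    if head.startswith(magics):
        return "ok"                   # header intact; the rest of the file is not verified
    # Header is wrong: near-random bytes suggest encryption, anything else plain damage.
    # Files much smaller than SAMPLE_SIZE cannot reach the threshold and report as damaged.
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "damaged"


def scan(root: str) -> dict:
    """Map each file's path relative to root to its verdict; symlinks are skipped."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if not os.path.islink(full):
                results[os.path.relpath(full, root)] = classify(full)
    return results


def build_sample_tree(root: str) -> None:
    """Write constructed sample files so the script can be tried offline."""
    rng = random.Random(2016)
    noise = b"\x13\x37" + bytes(rng.getrandbits(8) for _ in range(SAMPLE_SIZE))
    samples = {
        "0639.jpg": b"\xff\xd8\xff\xe0" + b"JFIF" * 64,   # intact JPEG header
        "0640.jpg": noise,                                # stands in for an encrypted photo
        "0641.jpg": b"\x00" * 2048,                       # zeroed-out file
        "notes.txt": b"plain text has no signature\n",
        os.path.join("docs", "report.pdf"): b"%PDF-1.4\n% constructed\n",
        os.path.join("docs", "budget.xlsx"): b"",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import tempfile
    if len(sys.argv) > 1:
        report = scan(sys.argv[1])            # e.g. the drive letter of the backup disk
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_tree(demo)
            report = scan(demo)
    for rel, verdict in sorted(report.items()):
        if verdict not in ("ok", "unchecked"):
            print(f"{verdict:17} {rel}")
```

An "ok" verdict only means the header is intact, so the output is a shortlist of files to restore from another copy rather than proof that everything else is undamaged. It says nothing about executables on the drive, which still need an antivirus scan.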





