All data files have crypt extension



#1 jakkwb


Posted 19 April 2016 - 04:30 PM

Hello, my PC has been infected. Don't know the name, but all data files have the .crypt extension. Typical desktop screen about paying using bitcoins.

 

I cannot identify which variation this is. Any help would be appreciated.

 

Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Owner (administrator) on OWNER-PC (19-04-2016 16:32:07)
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVXVS640
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
() C:\WINDOWS\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8464600 2015-04-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856 2015-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2582492385-2996337470-3751110407-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Owner\AppData\Roaming\Microsoft\Protect\e141b1be8ffc11fc26fd.rs"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-03-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.10.10.1 12.165.234.130
Tcpip\..\Interfaces\{F46E74A2-EFD3-4DF8-B01A-A7BCCD446273}: [DhcpNameServer] 10.10.10.1 12.165.234.130

Internet Explorer:
==================
HKU\S-1-5-21-2582492385-2996337470-3751110407-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCTE
HKU\S-1-5-21-2582492385-2996337470-3751110407-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
URLSearchHook: HKU\S-1-5-21-2582492385-2996337470-3751110407-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2582492385-2996337470-3751110407-1000 -> DefaultScope {1617F941-D7D5-47C4-9991-F72FAA3785CC} URL =
SearchScopes: HKU\S-1-5-21-2582492385-2996337470-3751110407-1000 -> {1617F941-D7D5-47C4-9991-F72FAA3785CC} URL =
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-04-18] [not signed]
FF HKU\S-1-5-21-2582492385-2996337470-3751110407-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-04-13] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-10-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2740056 2015-04-07] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 16:31 - 2016-04-19 16:32 - 00000000 ____D C:\FRST
2016-04-19 16:03 - 2016-04-19 16:01 - 00201728 _____ (Cisco Systems Inc.) C:\TeslaDecrypter.exe
2016-04-19 09:37 - 2016-04-19 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-19 09:28 - 2016-04-19 09:28 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-04-19 09:28 - 2016-04-19 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-04-18 16:44 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-18 16:44 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-18 16:44 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-18 16:44 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-18 16:44 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-18 16:44 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-18 16:44 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-18 16:44 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-18 16:44 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-18 16:44 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-18 16:44 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-18 16:44 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-18 16:44 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-18 16:44 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-18 16:44 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-18 16:44 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-18 16:44 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-18 16:44 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-18 16:44 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-18 16:44 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-18 16:44 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-18 16:44 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-18 16:44 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-18 16:44 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-18 16:44 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-18 16:44 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-18 16:44 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-18 16:44 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-18 16:44 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-18 16:44 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-18 16:44 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-18 16:44 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-18 16:44 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-18 16:44 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-18 16:44 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-18 16:44 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-18 16:44 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-18 16:44 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-18 16:44 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-18 16:44 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-18 16:44 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-18 16:44 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-18 16:44 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-18 16:44 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-18 16:44 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-18 16:44 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-18 16:44 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-18 16:44 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-18 16:44 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-18 16:44 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-18 16:44 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-18 16:44 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-18 16:44 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-18 16:44 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-18 16:44 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-18 16:44 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-18 16:44 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-18 16:44 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-18 16:44 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-18 16:44 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-18 16:44 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-18 16:44 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-18 16:44 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-18 16:44 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-18 16:44 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-18 16:38 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-18 16:38 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-18 16:38 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-18 16:38 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-18 15:58 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-18 15:58 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-18 15:55 - 2016-03-31 14:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-18 15:55 - 2016-03-31 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-18 15:55 - 2016-03-30 19:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-18 15:55 - 2016-03-30 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-18 15:55 - 2016-03-30 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-18 15:55 - 2016-03-30 19:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-18 15:55 - 2016-03-30 19:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-18 15:55 - 2016-03-30 19:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-18 15:55 - 2016-03-30 19:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-18 15:55 - 2016-03-30 19:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-18 15:55 - 2016-03-30 19:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-18 15:55 - 2016-03-30 19:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-18 15:55 - 2016-03-30 19:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-18 15:55 - 2016-03-30 19:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-18 15:55 - 2016-03-30 19:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-18 15:55 - 2016-03-30 19:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-18 15:55 - 2016-03-30 19:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-18 15:55 - 2016-03-30 19:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-18 15:55 - 2016-03-30 19:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-18 15:55 - 2016-03-30 19:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-18 15:55 - 2016-03-30 19:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-18 15:55 - 2016-03-30 19:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-18 15:55 - 2016-03-30 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-18 15:55 - 2016-03-30 19:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-18 15:55 - 2016-03-30 18:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-18 15:55 - 2016-03-30 18:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-18 15:55 - 2016-03-30 18:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-18 15:55 - 2016-03-30 18:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-18 15:55 - 2016-03-30 18:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-18 15:55 - 2016-03-30 18:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-18 15:55 - 2016-03-30 18:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-18 15:55 - 2016-03-30 18:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-18 15:55 - 2016-03-30 18:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-18 15:55 - 2016-03-30 18:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-18 15:55 - 2016-03-30 18:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-18 15:55 - 2016-03-30 18:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-18 15:55 - 2016-03-30 18:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-18 15:55 - 2016-03-30 18:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-18 15:55 - 2016-03-30 18:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-18 15:55 - 2016-03-30 18:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-18 15:55 - 2016-03-30 18:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-18 15:55 - 2016-03-30 18:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-18 15:55 - 2016-03-30 18:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-18 15:55 - 2016-03-30 18:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-18 15:55 - 2016-03-30 18:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-18 15:55 - 2016-03-30 18:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-18 15:55 - 2016-03-30 18:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-18 15:55 - 2016-03-30 18:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-18 15:55 - 2016-03-30 18:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-18 15:55 - 2016-03-30 18:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-18 15:55 - 2016-03-30 18:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-18 15:55 - 2016-03-30 18:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-18 15:55 - 2016-03-30 18:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-18 15:55 - 2016-03-30 18:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-18 15:55 - 2016-03-30 18:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-18 15:55 - 2016-03-30 18:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-18 15:55 - 2016-03-30 18:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-18 15:55 - 2016-03-30 18:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-18 15:55 - 2016-03-30 18:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-18 15:55 - 2016-03-30 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-18 15:55 - 2016-03-30 18:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-18 15:55 - 2016-03-30 18:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-18 15:55 - 2016-03-30 18:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-18 15:55 - 2016-03-30 18:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-18 15:55 - 2016-03-30 18:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-18 15:55 - 2016-03-30 18:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-18 09:34 - 2016-04-18 09:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\gnupg
2016-04-18 09:33 - 2016-04-18 14:52 - 00000000 ____D C:\Users\Owner\Desktop\Distrib
2016-04-18 09:33 - 2016-04-18 14:44 - 00002684 _____ C:\ScatterDecryptor.2.0.0.1_18.04.2016_09.33.28_log.txt
2016-04-15 16:28 - 2016-04-15 16:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2016-04-15 16:28 - 2016-04-15 16:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2016-04-15 16:28 - 2016-04-15 16:28 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-15 16:27 - 2016-04-15 16:27 - 00000000 ___HD C:\$AVG
2016-04-15 16:26 - 2016-04-19 15:01 - 00000000 ____D C:\ProgramData\MFAData
2016-04-15 16:26 - 2016-04-15 16:26 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2016-04-15 16:25 - 2016-04-15 16:27 - 00000000 ____D C:\ProgramData\Avg
2016-04-15 16:25 - 2016-04-15 16:27 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-15 16:24 - 2016-04-19 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\AvgSetupLog
2016-04-15 16:24 - 2016-04-15 16:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2016-04-12 07:00 - 2016-04-12 07:00 - 00000000 ____D C:\Users\Owner\AppData\Local\softthinks
2016-04-12 07:00 - 2016-01-06 17:04 - 00000107 ____H C:\DBAR_Ver.txt
2016-04-11 09:05 - 2016-04-11 09:05 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-04-11 09:03 - 2016-04-19 09:42 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-04-11 09:03 - 2016-04-19 08:59 - 00000000 ____D C:\ProgramData\FawgUlmoy
2016-04-11 08:17 - 2016-04-11 08:17 - 01551174 ____T C:\de_crypt_readme.bmp
2016-04-11 08:17 - 2016-04-11 08:17 - 00003074 _____ C:\de_crypt_readme.html
2016-04-11 08:17 - 2016-04-11 08:17 - 00001689 _____ C:\de_crypt_readme.txt
2016-04-11 08:14 - 2016-04-11 08:14 - 01551174 ____T C:\Users\Owner\Downloads\de_crypt_readme.bmp
2016-04-11 08:14 - 2016-04-11 08:14 - 00003074 _____ C:\Users\Owner\Downloads\de_crypt_readme.html
2016-04-11 08:14 - 2016-04-11 08:14 - 00001689 _____ C:\Users\Owner\Downloads\de_crypt_readme.txt
2016-04-11 08:14 - 2016-04-11 08:14 - 00001689 _____ C:\Users\Owner\Documents\de_crypt_readme.txt
2016-04-11 08:13 - 2016-04-11 08:13 - 00000003 _____ C:\ProgramData\450D798071F6.dat
2016-04-11 07:15 - 2016-04-19 10:36 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\{A532195B-CFFB-4B7A-B8D7-278BA98F2400}
2016-04-11 07:15 - 2016-04-11 08:26 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\{FDBAC137-BE7A-4B04-887F-36388CBD2740}
2016-04-11 07:15 - 2016-04-11 07:16 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\{A50DD39A-26F1-4CAC-9441-1E15A7140D7C}
2016-04-06 12:24 - 2016-04-06 12:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-04-05 12:00 - 2016-04-18 14:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-04 11:34 - 2016-04-04 11:34 - 00001230 _____ C:\Users\Owner\Desktop\I.R.I.S. Resource Center.lnk
2016-04-01 14:36 - 2016-04-11 08:14 - 00012931 _____ C:\Users\Owner\Documents\APRIL 2016 OTHER.ods.crypt
2016-04-01 14:35 - 2016-04-11 08:14 - 00012939 _____ C:\Users\Owner\Documents\APRIL 2016.ods.crypt
2016-04-01 11:57 - 2016-04-01 11:57 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Adobe
2016-04-01 11:57 - 2016-04-01 11:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-04-01 10:23 - 2016-04-18 14:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OpenOffice
2016-04-01 10:16 - 2016-04-18 14:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Thunderbird
2016-04-01 10:16 - 2016-04-11 08:14 - 00000000 ____D C:\ProgramData\WEBREG
2016-04-01 10:16 - 2016-04-05 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-01 10:16 - 2016-04-01 10:16 - 00001215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-04-01 10:16 - 2016-04-01 10:16 - 00001203 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-04-01 10:16 - 2016-04-01 10:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-04-01 10:16 - 2016-04-01 10:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Thunderbird
2016-04-01 10:11 - 2016-04-05 09:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HP
2016-04-01 10:11 - 2016-04-01 10:11 - 00000000 ____D C:\Users\Owner\AppData\Local\HP
2016-03-31 14:25 - 2016-03-31 14:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-03-31 13:19 - 2016-04-11 15:25 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\HPAppData
2016-03-31 12:13 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-31 12:13 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-31 11:19 - 2016-03-31 11:19 - 00002329 _____ C:\Users\Public\Desktop\Add a Device - Officejet 4500 G510a-f.lnk
2016-03-31 11:16 - 2016-04-19 03:39 - 00000000 ____D C:\Windows\system32\MRT
2016-03-31 11:16 - 2016-04-19 03:24 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-31 11:13 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-03-31 11:13 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-03-31 11:13 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-03-31 11:13 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-03-31 11:13 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-03-31 11:13 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-03-31 11:13 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-03-31 11:13 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-03-31 11:11 - 2015-09-23 08:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-03-31 11:11 - 2015-09-23 08:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-03-31 11:11 - 2015-09-23 08:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-03-31 11:11 - 2015-09-14 16:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-31 11:11 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-03-31 11:11 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-03-31 11:11 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-03-31 11:10 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-31 11:10 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-31 11:10 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-31 11:10 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-31 11:10 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-31 11:10 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-31 11:10 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-31 11:10 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-31 11:10 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-31 11:10 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-31 11:10 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-31 11:10 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-31 11:10 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-31 11:10 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-31 11:10 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-31 11:10 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-31 11:10 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-03-31 11:10 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-03-31 11:10 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-03-31 11:10 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-03-31 11:10 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-03-31 11:10 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-03-31 11:10 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-03-31 11:10 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-03-31 11:10 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-03-31 11:10 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-03-31 11:10 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-03-31 11:10 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-03-31 11:10 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-03-31 11:10 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-03-31 11:10 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-03-31 11:10 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-03-31 11:10 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-03-31 11:10 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-03-31 11:10 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-03-31 11:10 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-03-31 11:10 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-03-31 11:10 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-03-31 11:09 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-03-31 11:09 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-03-31 11:09 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-03-31 11:09 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-03-31 11:09 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-03-31 11:09 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-03-31 11:09 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-03-31 11:09 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-03-31 11:09 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-31 11:09 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-31 11:09 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-31 11:09 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-31 11:09 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-31 11:09 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2016-03-31 11:09 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-03-31 11:09 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-03-31 11:09 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-03-31 11:09 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2016-03-31 11:09 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-03-31 11:09 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-03-31 11:09 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-03-31 11:09 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-03-31 11:09 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-03-31 11:09 - 2011-11-17 01:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-03-31 11:09 - 2011-11-17 00:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-03-31 11:08 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-31 11:08 - 2016-02-05 13:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-31 11:08 - 2016-02-05 13:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-31 11:08 - 2016-02-05 13:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-31 11:08 - 2016-02-05 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-31 11:08 - 2016-02-05 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-31 11:08 - 2016-02-05 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-31 11:08 - 2016-02-05 13:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-31 11:08 - 2016-02-05 12:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-31 11:08 - 2016-02-05 12:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-31 11:08 - 2016-02-05 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-31 11:08 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-31 11:08 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-31 11:08 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-31 11:08 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-31 11:08 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-31 11:08 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-31 11:08 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-31 11:08 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-31 11:08 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-03-31 11:08 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-31 11:08 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-03-31 11:08 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-03-31 11:08 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-03-31 11:08 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-03-31 11:08 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-03-31 11:08 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-03-31 11:08 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-31 11:08 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-03-31 11:08 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-31 11:08 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-03-31 11:08 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-03-31 11:08 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-03-31 11:08 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-03-31 11:08 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-03-31 11:08 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-03-31 11:08 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-03-31 11:08 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-03-31 11:08 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-03-31 11:08 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-03-31 11:08 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-03-31 11:08 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-03-31 11:08 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-03-31 11:08 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-03-31 11:08 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-03-31 11:08 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-03-31 11:08 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-03-31 11:08 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-03-31 11:08 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-03-31 11:08 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-03-31 11:08 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-03-31 11:08 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2016-03-31 11:08 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2016-03-31 11:08 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2016-03-31 11:08 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2016-03-31 11:08 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2016-03-31 11:08 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2016-03-31 11:08 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2016-03-31 11:02 - 2016-04-18 15:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2016-03-31 11:02 - 2016-03-31 11:02 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-03-31 11:02 - 2016-03-31 11:02 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-03-31 11:01 - 2016-04-18 14:49 - 00000000 ____D C:\Windows\SysWOW64\spool
2016-03-31 11:01 - 2016-03-31 11:01 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-03-31 11:01 - 2016-03-31 11:01 - 00001317 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-03-31 11:00 - 2016-04-18 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-03-31 10:59 - 2016-03-31 10:59 - 00000000 ____D C:\Windows\hpoj4500g510a-f
2016-03-31 10:59 - 2009-04-20 12:29 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70w.dll
2016-03-31 10:58 - 2016-04-18 14:47 - 00000000 ____D C:\Program Files (x86)\HP
2016-03-31 10:57 - 2016-04-18 14:47 - 00000000 ____D C:\ProgramData\HP
2016-03-31 10:57 - 2016-04-01 10:16 - 00171551 _____ C:\Windows\hpwins27.dat
2016-03-31 10:57 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-03-31 10:57 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-03-31 10:57 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-31 10:57 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-03-31 10:57 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-03-31 10:57 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-31 10:57 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-31 10:57 - 2009-10-02 00:29 - 00000385 ____N C:\Windows\hpwmdl27.dat
2016-03-31 10:57 - 2009-08-17 13:34 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2016-03-31 10:57 - 2009-08-17 13:27 - 01418240 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop6.dll
2016-03-31 10:57 - 2009-08-17 13:27 - 00902656 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax7.dll
2016-03-31 10:57 - 2009-08-17 13:27 - 00503296 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwvst01.dll
2016-03-31 10:57 - 2009-08-17 13:26 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2016-03-31 10:56 - 2016-03-31 10:56 - 223315544 _____ C:\Users\Owner\Downloads\OJ4500vG510a-f_Full_13_en.exe
2016-03-31 10:56 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-03-31 10:56 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-03-31 10:56 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2016-03-31 10:56 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2016-03-31 10:56 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2016-03-31 10:56 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-03-31 10:56 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2016-03-31 10:56 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-03-31 10:54 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-31 10:54 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-31 10:54 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-31 10:54 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-31 10:54 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-31 10:54 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-31 10:54 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-31 10:54 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-31 10:54 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-31 10:54 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-31 10:54 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-03-31 10:54 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-03-31 10:54 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-03-31 10:54 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-03-31 10:54 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-03-31 10:10 - 2016-04-14 10:41 - 35721216 _____ C:\Users\Owner\Documents\CARPET_W.QBW
2016-03-31 10:08 - 2016-03-31 10:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-03-31 09:48 - 2016-04-18 14:48 - 00000000 ____D C:\Windows\Intuit
2016-03-31 09:48 - 2016-04-18 14:47 - 00000000 ____D C:\Program Files (x86)\Intuit
2016-03-31 09:48 - 2016-03-31 09:48 - 00001041 _____ C:\Users\Public\Desktop\QuickBooks.lnk
2016-03-31 09:48 - 2016-03-31 09:48 - 00000064 _____ C:\Windows\QBWCD.INI
2016-03-31 09:48 - 2016-03-31 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-03-31 09:48 - 1998-07-31 17:00 - 00065024 _____ (Intuit) C:\Windows\Icg32.dll
2016-03-31 09:48 - 1998-06-29 16:39 - 00006472 _____ C:\Windows\Icoadb32.dat
2016-03-31 09:47 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-03-31 09:41 - 2016-03-31 09:41 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-03-31 09:41 - 2016-03-31 09:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-03-31 09:40 - 2016-04-18 14:47 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-03-31 09:38 - 2016-04-18 14:47 - 00000000 ____D C:\Users\Owner\Desktop\OpenOffice 4.1.2 (en-US) Installation Files
2016-03-31 09:35 - 2016-03-31 09:38 - 140783556 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
2016-03-30 17:54 - 2016-04-11 08:14 - 00000107 ____H C:\DBAR_Ver.txt.crypt
2016-03-28 17:49 - 2016-03-28 17:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2016-03-28 17:40 - 2016-04-06 07:49 - 00066616 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-28 17:27 - 2016-03-28 17:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Invincea
2016-03-28 17:27 - 2016-03-28 17:27 - 00000000 ____D C:\Users\Owner\AppData\Local\Invincea
2016-03-28 12:25 - 2016-03-28 12:25 - 00000030 _____ C:\20160328090401_BACKUPMIGRATION_STATUS.INI
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\readmes
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\Paige
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\My Scans
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\JODY
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\CLAIMS
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\2016 Sales Reports
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\2015 Sales Reports
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\2014 Sales Reports
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\2013 Sales Reports
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\2012 Sales Reports
2016-03-28 12:24 - 2016-04-11 08:14 - 00000000 ____D C:\Users\Owner\Documents\2011 SALES REPORTS
2016-03-28 12:23 - 2016-04-19 14:49 - 00000000 ____D C:\ProgramData\SoftThinks
2016-03-28 12:23 - 2016-03-28 12:23 - 00000000 _SHDL C:\Users\Owner\My Documents
2016-03-28 12:23 - 2016-03-28 12:23 - 00000000 _SHDL C:\Users\Owner\Documents\My Videos
2016-03-28 12:23 - 2016-03-28 12:23 - 00000000 _SHDL C:\Users\Owner\Documents\My Pictures
2016-03-28 12:23 - 2016-03-28 12:23 - 00000000 _SHDL C:\Users\Owner\Documents\My Music
2016-03-28 12:11 - 2016-03-28 12:11 - 00000000 ____D C:\Windows\SMINST
2016-03-28 12:04 - 2016-04-11 08:14 - 00000000 ____D C:\20160328090401_BACKUP
2016-03-28 10:50 - 2016-03-28 10:50 - 00000000 __SHD C:\System Recovery
2016-03-28 10:49 - 2016-04-18 14:47 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-03-28 10:49 - 2016-03-28 10:49 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-28 10:49 - 2016-03-28 10:49 - 00000000 ____D C:\Windows\CSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 16:30 - 2015-10-21 19:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-19 16:01 - 2015-04-28 18:31 - 00201728 _____ (Cisco Systems Inc.) C:\Users\Owner\Desktop\TeslaDecrypter.exe
2016-04-19 16:01 - 2015-04-27 11:08 - 00000942 _____ C:\Users\Owner\Desktop\warranty_disclaimer.txt
2016-04-19 16:01 - 2015-04-24 22:17 - 00018092 _____ C:\Users\Owner\Desktop\COPYING
2016-04-19 14:50 - 2009-07-13 23:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-19 14:50 - 2009-07-13 23:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-19 14:49 - 2015-11-02 10:09 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-19 14:42 - 2015-11-02 09:59 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2016-04-19 14:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-19 09:06 - 2015-11-02 10:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-19 04:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-04-19 04:15 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-19 04:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-19 04:09 - 2009-07-13 23:45 - 00302648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-18 15:03 - 2010-11-20 21:50 - 00000000 ____D C:\Users\Owner
2016-04-18 14:58 - 2015-11-02 10:04 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-04-18 14:58 - 2010-11-20 21:50 - 00000000 ____D C:\Users\Administrator
2016-04-18 14:58 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2016-04-18 14:58 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-04-18 14:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-04-18 14:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-18 14:57 - 2015-10-21 21:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-18 14:56 - 2015-11-02 10:08 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-04-18 14:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-18 14:56 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-18 14:52 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-18 14:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-04-18 14:49 - 2015-10-21 19:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\system32\winrm
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\system32\WCN
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-04-18 14:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-04-18 14:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\spool
2016-04-18 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\SMI
2016-04-18 14:48 - 2015-10-21 19:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-18 14:48 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2016-04-18 14:48 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\oobe
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\MUI
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\IME
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\com
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2016-04-18 14:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2016-04-18 14:47 - 2015-11-02 10:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-18 14:47 - 2015-11-02 10:12 - 00000000 ____D C:\ProgramData\Invincea
2016-04-18 14:47 - 2015-11-02 10:12 - 00000000 ____D C:\Program Files (x86)\Invincea
2016-04-18 14:47 - 2015-11-02 10:10 - 00000000 ____D C:\Program Files\Dell
2016-04-18 14:47 - 2015-11-02 10:07 - 00000000 ____D C:\ProgramData\Adobe
2016-04-18 14:47 - 2015-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-18 14:47 - 2015-11-02 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-04-18 14:47 - 2015-11-02 10:04 - 00000000 ____D C:\Program Files (x86)\Dell
2016-04-18 14:47 - 2015-11-02 10:02 - 00000000 ____D C:\ProgramData\Intel
2016-04-18 14:47 - 2015-11-02 10:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-18 14:47 - 2015-11-02 10:01 - 00000000 ____D C:\Program Files\Waves
2016-04-18 14:47 - 2015-11-02 10:01 - 00000000 ____D C:\Program Files\Realtek
2016-04-18 14:47 - 2015-11-02 10:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-04-18 14:47 - 2015-11-02 09:55 - 00000000 ____D C:\Program Files\Intel
2016-04-18 14:47 - 2015-11-02 09:55 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-18 14:47 - 2015-10-21 19:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-04-18 14:47 - 2015-10-21 19:22 - 00000000 ____D C:\Program Files\Dell Inc
2016-04-18 14:47 - 2011-02-10 09:25 - 00000000 ____D C:\dell
2016-04-18 14:47 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-18 14:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-18 14:47 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2016-04-18 14:47 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-18 14:47 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-04-18 14:47 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-11 08:14 - 2016-03-11 17:12 - 01081290 _____ C:\Users\Owner\Documents\Sales Tax Form.pdf.crypt
2016-04-11 08:14 - 2016-03-11 17:12 - 00358226 _____ C:\Users\Owner\Documents\Zootopia Tickets.pdf.crypt
2016-04-11 08:14 - 2016-03-08 10:24 - 00931067 _____ C:\Users\Owner\Downloads\HSurfacedwnld3_8_2016 10_22_57 AM.xls.crypt
2016-04-11 08:14 - 2016-03-08 10:22 - 00931067 _____ C:\Users\Owner\Downloads\HSurfacedwnld3_8_2016 10_22_30 AM.xls.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00124319 _____ C:\Users\Owner\Documents\carpet residential install.pdf.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00087364 _____ C:\Users\Owner\Documents\Home&Health Ad.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00081389 _____ C:\Users\Owner\Documents\Home&Health Ad.pdf.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00015127 _____ C:\Users\Owner\Documents\DALTILE.ods.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00014636 _____ C:\Users\Owner\Documents\J&J Invision.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00014577 _____ C:\Users\Owner\Documents\PAIGE.ods.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00012379 _____ C:\Users\Owner\Documents\envelope doc.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00011628 _____ C:\Users\Owner\Documents\Libby-FNB-Pocahontas.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00011313 _____ C:\Users\Owner\Documents\BIGELOW.TONY SIMMONS.ods.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00011106 _____ C:\Users\Owner\Documents\FAX.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00010959 _____ C:\Users\Owner\Documents\padspecs.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00010293 _____ C:\Users\Owner\Documents\JD.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00009802 _____ C:\Users\Owner\Documents\brothers estimate.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00009703 _____ C:\Users\Owner\Documents\cw ltr hd 2008.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00009189 _____ C:\Users\Owner\Documents\GT.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:50 - 00002318 _____ C:\Users\Owner\Documents\Addresses.odb.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00296492 _____ C:\Users\Owner\Documents\Ticketmaster.pdf.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00081066 _____ C:\Users\Owner\Documents\TheCofC Ad.pdf.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00018351 _____ C:\Users\Owner\Documents\Tri-County Invoice.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00015101 _____ C:\Users\Owner\Documents\Trevillion.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00012784 _____ C:\Users\Owner\Documents\queenspecs.odt.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00011836 _____ C:\Users\Owner\Documents\REMANT LIST.ods.crypt
2016-04-11 08:14 - 2015-12-08 12:49 - 00011669 _____ C:\Users\Owner\Documents\TD AD APRIL 1.odt.crypt
2016-04-11 08:14 - 2011-02-10 09:25 - 00000000 ____D C:\Hotfix
2016-04-06 10:18 - 2010-11-20 22:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-01 10:11 - 2009-07-13 21:34 - 00000438 _____ C:\Windows\win.ini
2016-03-31 12:18 - 2011-02-10 09:33 - 00773568 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-28 16:36 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-03-28 16:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-03-28 16:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-03-28 16:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Setup
2016-03-28 10:51 - 2010-11-20 21:51 - 00001415 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== Files in the root of some directories =======

2016-04-11 08:13 - 2016-04-11 08:13 - 0000003 _____ () C:\ProgramData\450D798071F6.dat
2016-03-31 10:57 - 2016-04-01 10:16 - 0000895 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\450D798071F6.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-18 10:05

==================== End of FRST.txt ============================

 

2nd log file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Owner (2016-04-19 16:33:24)
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVXVS640
Windows 7 Professional Service Pack 1 (X64) (2015-11-02 15:17:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2582492385-2996337470-3751110407-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2582492385-2996337470-3751110407-501 - Limited - Disabled)
Owner (S-1-5-21-2582492385-2996337470-3751110407-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.51.2.3593 - AVG Technologies)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4556 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)
AVG Zen (Version: 1.51.58 - AVG Technologies) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{90B2EE35-59D0-4A1F-B125-9F678D46A955}) (Version: 2.1.125.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Maxx Audio Installer (x64) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.7.1 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
QuickBooks 99 (HKLM-x32\...\QuickBooks 99) (Version:  - )
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6068 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2582492385-2996337470-3751110407-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2582492385-2996337470-3751110407-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\framebuf.dll => No File <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {54E47895-A8A7-4EBD-A367-1F1BDCCD7FD3} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-03-20] (Realtek Semiconductor)
Task: {6EC65FAF-C6A9-4144-AA75-185DCB0CED8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-21] (Adobe Systems Incorporated)
Task: {B7C7814A-D4EF-41E8-88CF-D44E7B1C1C9E} - System32\Tasks\RunDFS => /c sc start "Dell Foundation Services"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-21 20:58 - 2015-04-13 21:12 - 00391784 _____ () C:\Windows\system32\igfxTray.exe
2016-04-19 09:27 - 2016-04-18 15:39 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-03-16 12:28 - 2015-03-16 12:28 - 00155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-11-10 13:12 - 2014-11-10 13:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-05 11:17 - 2015-12-18 17:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-11-02 10:09 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-11-02 10:09 - 2014-02-18 15:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:539 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:582 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:680 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2582492385-2996337470-3751110407-1000\Software\Classes\.exe:  =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2582492385-2996337470-3751110407-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.10.10.1 - 12.165.234.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{05896F49-A954-4313-9033-616063723502}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A500CEC6-5FA6-49EC-991F-BBDDD45DA1AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7A341369-1DE0-44C4-AFEE-3720EE9AF07F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{8F2AF3FC-3C5E-4FAA-A962-E7A85AA717B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{23ED182F-A092-4655-A593-6B50AEB88F8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{5400A907-8B0C-4835-BD27-FECEE8DFB633}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{79AFF7E8-C5AC-490C-AC61-71CAA6F8D71D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1B44C4CA-A317-4398-A58F-87BB9E13FCFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6F0EB150-4B66-40EF-ABE8-FBAE45D8E3F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{177AC4F3-1B23-4FDD-97AF-078858A65D75}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{ABFCF7A6-6DAC-477A-87DD-4AF88A171B4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{926F0092-6586-48C7-9452-062248A92224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{305E5AF4-29C8-47F0-AD21-2E6E8009D7D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CBB7CA76-5B93-458E-87BC-57ABBABA56AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{74B73984-F5C8-4AA9-95CF-070A062E0F39}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BAFDB781-6DFF-479A-BF33-A94CA5469371}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{2785615A-2A51-4D39-A12B-98CFDDA9878F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{6A92ED34-051E-4358-9E08-583E8C7891E7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{3C70AFED-CEE9-4B6A-BC97-9711E1CEAA5E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{BEBFB485-7E04-478A-9D3F-A656A04F6DE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{FC6FB08F-C6F6-40F7-9666-F7D8B2248D93}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D96BFBDF-0227-4C47-A0D7-C226145379AA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{2859A254-64CC-4CEE-A695-DE8EF33E74FF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{481C6102-FC33-4DE8-93A6-12DD5D2C08C3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

15-04-2016 16:26:46 Installed AVG 2016
15-04-2016 16:27:07 Installed AVG
18-04-2016 14:45:19 Restore Operation
18-04-2016 15:57:55 Windows Update
19-04-2016 03:03:23 Windows Update
19-04-2016 08:58:36 Windows Defender Checkpoint
19-04-2016 09:31:47 Installed AVG 2016
19-04-2016 09:32:48 Installed AVG

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2016 02:41:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2016 09:00:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2016 08:58:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c7a7a496-9cef-4e6e-bf20-1c73dcf895b7}

Error: (04/19/2016 04:10:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2016 03:03:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2016 09:19:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2016 04:56:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2016 04:31:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1790

Start Time: 01d1975df4143600

Termination Time: 9

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 75a802d2-0351-11e6-bfb1-64006a1163a9

Error: (04/15/2016 03:09:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6ae5d302-f480-403b-8e36-b5dda5424809}

Error: (04/15/2016 10:54:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/19/2016 04:30:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error:
%%1053

Error: (04/19/2016 04:30:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.

Error: (04/19/2016 04:25:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error:
%%1053

Error: (04/19/2016 04:25:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.

Error: (04/19/2016 04:20:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error:
%%1053

Error: (04/19/2016 04:20:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.

Error: (04/19/2016 04:15:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error:
%%1053

Error: (04/19/2016 04:15:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.

Error: (04/19/2016 04:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error:
%%1053

Error: (04/19/2016 04:10:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 79%
Total physical RAM: 4014.54 MB
Available physical RAM: 818.73 MB
Total Virtual: 8027.27 MB
Available Virtual: 4426.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:401.61 GB) NTFS
Drive e: (TravelDrive) (Removable) (Total:0.96 GB) (Free:0.01 GB) FAT
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.23 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 56379F00)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 3517C84C)
Partition 1: (Active) - (Size=984 MB) - (Type=0E)

==================== End of Addition.txt ============================


Edited by jakkwb, 19 April 2016 - 04:38 PM.




#2 nasdaq

  • Malware Response Team

Posted 20 April 2016 - 07:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You might get lucky and decrypt your files with the program listed on this page.

http://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/

Read the instructions with attention.

There is also a link to get help at the end of the topic.

If you are successful, then run the FRST tool and post a fresh log for my review.

Good luck.

#3 nasdaq

  • Malware Response Team

Posted 26 April 2016 - 10:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



