
Suspecting Malware - critical MS Sign In error suddenly et al.


  • This topic is locked
27 replies to this topic

#1 shley

Posted 29 May 2016 - 08:24 PM

I had a strange error earlier today with Win 10 laptop saying there was a Sign In critical error.  I also experienced recently a strange issue during work on a spreadsheet where the screen would suddenly go black for a few seconds and then return.  I ran Kaspersky's vulnerability tool and decided to remove all flash and shockwave.  After that, I thought the system worked better but I did not go back to the spreadsheet. 

One note: I had to manually delete the Macromed file folder by using the Elevate This tool.  That worked well but not sure why I had to do that since the uninstaller should have removed all remnants.

I also own HitmanPro and CCleaner (I do not use the registry cleaner tool) and use them once a week.

Thanks for helping me.





#2 Bezukhov


Posted 02 June 2016 - 06:03 AM

I'm going to need some more information. If you will tell me the make and model of this computer that would be nice. And if you could do the following:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Reviewing these logs will take a day or so, just for a heads up.
To err is Human. To blame it on someone else is even more Human.

#3 shley


Posted 02 June 2016 - 09:19 PM

Here is the log you requested. Also, I had turned my Shockwave 3rd party add-on OFF because I thought it was causing the issues. Now, when I go and try to enable it back on, I still receive a window on the bottom of almost every webpage stating "This webpage wants to run add-on: 'Control name is not available' from 'Not Available.'"

Very frustrating because even if I do Allow it for ALL Websites, the same msg comes back.

 

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by vinto (administrator) on LAPTOP-DC8405CV (02-06-2016 22:13:41)
Running from C:\Users\vinto\Desktop
Loaded Profiles: vinto (Available Profiles: vinto)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Absolute Software Corp.) C:\ProgramData\Rpcnet\Bin\rpcld.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-09-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (HP)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4246120 2015-12-11] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24106064 2016-06-02] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\Run: [Copernic Desktop Search 5] => C:\Program Files (x86)\Copernic\DesktopSearch\Copernic.DesktopSearch.exe [1173256 2016-04-01] (Copernic, a division of N. Harris Computer Systems)
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\Policies\Explorer: [ConfirmFileDelete] 1
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-03-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\vinto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-03-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\vinto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-24]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{0ab30f0a-004a-4c85-94f0-5e2dadd300ee}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{98bd66e3-9c0b-4bdf-90cf-220a79e7011c}: [DhcpNameServer] 192.168.200.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2166395518-3036358482-3362634291-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP5EP2-10002/event/ieatgpc1.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-31]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch\ChromeConnector\ChromeConnector.crx [2016-04-01]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbtSvcHost; C:\windows\SysWOW64\AbtSvcHost_.exe [84888 2015-10-09] (Absolute Software Corp.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-05] (Kaspersky Lab ZAO)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [623072 2016-01-26] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-06] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-09-09] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-11] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373728 2016-01-26] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-12] (Intel Corporation)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-09-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-09-09] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [184840 2016-02-03] (Absolute Software Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-30] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [251496 2015-12-11] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [82952 2015-12-10] (Synaptics Incorporated)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259824 2015-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-05-10] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-05] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-05-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-05-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-05-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-05] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-05-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-09-01] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3509512 2015-11-05] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6731520 2016-01-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-09-09] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-09-09] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-09-09] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-09-09] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-22] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [58984 2015-12-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [62568 2015-12-11] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 22:13 - 2016-06-02 22:14 - 00031581 _____ C:\Users\vinto\Desktop\FRST.txt
2016-06-02 22:13 - 2016-06-02 22:13 - 02383872 _____ (Farbar) C:\Users\vinto\Desktop\FRST64.exe
2016-06-02 22:13 - 2016-06-02 22:13 - 00000000 ____D C:\FRST
2016-06-02 21:57 - 2016-06-02 21:57 - 00000000 ___HD C:\OneDriveTemp
2016-06-02 21:56 - 2016-06-02 21:56 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-02 20:17 - 2016-06-02 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 17:48 - 2016-06-02 17:48 - 02829418 _____ C:\Users\vinto\Documents\EndNoteLib_Weech-V-Ashley.enl
2016-06-02 14:18 - 2016-06-02 14:18 - 00135504 _____ C:\Users\vinto\Desktop\Attachment and development_longitudinal_Sroufe_2005.pdf
2016-06-01 20:24 - 2016-06-01 20:24 - 00581508 _____ C:\Users\vinto\Desktop\Considering Valuation of Noncognitive Skills in BCA_2015.pdf
2016-05-31 21:51 - 2016-05-31 21:51 - 00003972 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-31 21:23 - 2016-05-31 21:23 - 00000000 ___RD C:\Users\vinto\Creative Cloud Files
2016-05-31 21:22 - 2016-05-31 21:22 - 00001327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-05-31 21:22 - 2016-05-31 21:22 - 00001315 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-05-31 21:14 - 2016-05-31 21:14 - 00695488 _____ (Adobe Systems Incorporated) C:\Users\vinto\Downloads\CreativeCloudSet-Up.exe
2016-05-31 20:24 - 2016-05-31 20:24 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-05-31 20:24 - 2016-05-31 20:24 - 00002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2016-05-31 20:24 - 2016-05-31 20:24 - 00002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2016-05-31 20:15 - 2016-05-31 20:21 - 256462848 _____ C:\Users\vinto\Downloads\AcrobatUpd11016.msp
2016-05-31 19:39 - 2016-05-31 19:39 - 00002244 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2016-05-31 19:39 - 2016-05-31 19:39 - 00002112 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2016-05-31 19:37 - 2016-05-31 21:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-31 18:26 - 2016-05-31 18:43 - 729936528 _____ (Adobe Systems Incorporated) C:\Users\vinto\Downloads\AcrobatPro_11_Web_WWMUI(2).exe
2016-05-31 18:03 - 2016-05-31 18:05 - 00000000 ____D C:\Users\vinto\Desktop\Adobe Acrobat XI
2016-05-31 17:52 - 2016-05-31 17:52 - 00666894 _____ C:\Users\vinto\Downloads\acrobat_ittools_cleaner_p2_061713.zip
2016-05-31 17:52 - 2016-05-31 17:52 - 00000000 ____D C:\Users\vinto\Downloads\acrobat_ittools_cleaner_p2_061713
2016-05-31 06:14 - 2016-05-31 09:55 - 00002078 _____ C:\Users\vinto\Desktop\Rkill.txt
2016-05-30 20:21 - 2016-05-30 20:21 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-05-30 19:47 - 2016-05-30 19:47 - 03677248 _____ C:\Users\vinto\Downloads\adwcleaner_5.119.exe
2016-05-30 19:09 - 2016-04-22 03:57 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-05-30 18:48 - 2009-05-13 10:56 - 00042016 _____ (Glance Networks, Inc) C:\windows\system32\glancedrv.dll
2016-05-30 18:48 - 2009-05-13 10:56 - 00036384 _____ (Glance Networks, Inc) C:\windows\system32\Drivers\glancedrv.sys
2016-05-30 18:46 - 2016-05-30 18:46 - 00000000 ____D C:\Users\vinto\AppData\Local\III
2016-05-30 18:32 - 2016-05-30 18:33 - 00000000 ____D C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2016-05-30 13:22 - 2016-05-30 13:22 - 00003656 _____ C:\windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-05-30 13:16 - 2016-06-01 16:54 - 00000000 ____D C:\Users\vinto\AppData\Local\CrashDumps
2016-05-30 12:46 - 2016-05-30 12:46 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP-DC8405CV-Windows-10-Pro-(64-bit).dat
2016-05-30 12:46 - 2016-05-30 12:46 - 00000000 ____D C:\RegBackup
2016-05-30 12:42 - 2016-05-30 12:42 - 00003782 _____ C:\windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-05-30 12:42 - 2016-05-30 12:42 - 00002267 _____ C:\Users\vinto\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-30 12:42 - 2016-05-30 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-30 12:41 - 2016-05-30 12:41 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-05-30 11:40 - 2016-05-30 11:40 - 00000912 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-05-30 11:37 - 2016-05-30 11:40 - 28899440 _____ (Adlice Software ) C:\Users\vinto\Downloads\setup.exe
2016-05-30 11:34 - 2016-05-30 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-05-30 11:34 - 2016-05-30 11:40 - 00000000 ____D C:\Program Files\RogueKiller
2016-05-30 02:03 - 2016-05-30 02:03 - 00000000 ____D C:\Users\vinto\Downloads\log
2016-05-30 00:24 - 2016-05-30 00:24 - 00660796 _____ C:\Users\vinto\AppData\Local\census.cache
2016-05-30 00:23 - 2016-05-30 00:23 - 00230029 _____ C:\Users\vinto\AppData\Local\ars.cache
2016-05-29 21:31 - 2016-05-30 02:05 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\vinto\Downloads\RUBottedSetup.exe
2016-05-29 21:26 - 2016-05-29 21:26 - 00000010 _____ C:\Users\vinto\AppData\Local\sponge.last.runtime.cache
2016-05-29 21:20 - 2016-05-30 02:13 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-29 21:13 - 2016-05-29 21:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\vinto\Downloads\HijackThis.exe
2016-05-29 21:12 - 2016-05-29 21:12 - 00000036 _____ C:\Users\vinto\AppData\Local\housecall.guid.cache
2016-05-29 21:12 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2016-05-29 21:10 - 2016-05-30 02:03 - 14880768 _____ (Trend Micro Inc.) C:\Users\vinto\Downloads\RootkitBusterV5.0-1198x64.exe
2016-05-29 21:03 - 2016-05-29 21:03 - 00283330 _____ C:\Users\vinto\Desktop\Noblesville High instructor pushes to change the educational system_2016.pdf
2016-05-29 20:56 - 2016-05-29 20:56 - 00863452 _____ C:\Users\vinto\Desktop\Another Study Finds That Poverty Helps Create Lack Of Self-Control – Not The.pdf
2016-05-29 20:55 - 2016-05-29 20:56 - 00107489 _____ C:\Users\vinto\Desktop\Educational Leadership_The Working Lives of Educators_Teachers at the Wheel.pdf
2016-05-29 20:33 - 2016-05-29 21:24 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-29 20:18 - 2016-05-30 12:41 - 21382440 _____ (Tweaking.com) C:\Users\vinto\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-05-29 20:13 - 2016-05-29 20:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\vinto\Desktop\rkill.exe
2016-05-29 09:14 - 2016-05-29 09:14 - 00037014 _____ C:\Users\vinto\Documents\cc_20160529_091429.reg
2016-05-29 08:54 - 2016-05-30 19:44 - 01549765 _____ C:\Users\vinto\Downloads\TakeOwnership.zip
2016-05-29 08:54 - 2016-05-29 08:54 - 00000000 ____D C:\Users\vinto\Downloads\TakeOwnership
2016-05-29 08:28 - 2016-05-29 08:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-29 08:22 - 2016-05-29 08:22 - 00000000 ____D C:\Users\vinto\AppData\Roaming\Macromedia
2016-05-29 03:02 - 2016-05-30 02:05 - 00000000 ____D C:\Users\vinto\Downloads\TMRBLog
2016-05-29 03:02 - 2016-05-29 03:02 - 00003312 _____ C:\windows\System32\Tasks\{08C30092-88FD-4F3D-9448-5181F9AC0870}
2016-05-29 02:54 - 2016-05-29 02:54 - 01610816 _____ (Malwarebytes) C:\Users\vinto\Downloads\JRT.exe
2016-05-28 22:05 - 2016-05-28 22:05 - 00004096 ____H C:\Users\vinto\AppData\Local\keyfile3.drm
2016-05-28 21:57 - 2016-05-30 19:08 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-28 21:57 - 2016-05-28 21:57 - 00001198 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-28 21:57 - 2016-05-28 21:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-28 21:57 - 2016-05-28 21:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-28 21:57 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-05-28 21:57 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-05-28 21:57 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-05-28 09:43 - 2016-05-28 09:43 - 00000213 _____ C:\Users\vinto\Documents\OfflineLicense.lic
2016-05-28 01:48 - 2016-05-28 01:48 - 00594234 _____ C:\Users\vinto\Desktop\Early Childhood Interventions_Proven Results_Karoly_RAND_MG341.pdf
2016-05-27 16:42 - 2016-05-27 16:43 - 00152085 _____ C:\Users\vinto\Desktop\A Powerful Collaboration for Cincinnati's Children.pdf
2016-05-27 14:21 - 2016-05-27 14:21 - 02950595 _____ C:\Users\vinto\Desktop\Cincinnati Promise_Expanding Access to Quality Preschool_2016.pdf
2016-05-26 11:57 - 2016-05-26 11:57 - 00000000 __SHD C:\found.003
2016-05-25 19:36 - 2016-05-25 19:36 - 00000000 __SHD C:\found.002
2016-05-25 15:09 - 2016-05-25 15:09 - 24790511 _____ C:\Users\vinto\Desktop\chapter 5-b.pdf
2016-05-25 11:45 - 2016-05-25 11:45 - 00733287 _____ C:\Users\vinto\Desktop\Want Culture to Support Change_5 Questions to Help Leaders_2016.pdf
2016-05-24 21:36 - 2016-05-24 21:36 - 00000000 ____D C:\Users\vinto\Documents\OneNote Notebooks
2016-05-24 08:21 - 2016-05-24 08:21 - 00002374 _____ C:\Users\vinto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-24 00:40 - 2016-05-24 00:41 - 02770153 _____ C:\Users\vinto\Desktop\32 Legitimate Ways to Make Money at Home - The Penny Hoarder.pdf
2016-05-23 21:59 - 2016-05-23 21:59 - 00000000 __SHD C:\found.001
2016-05-23 08:40 - 2016-05-23 08:39 - 00933808 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-05-23 08:40 - 2016-05-23 08:39 - 00087984 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klwfp.sys
2016-05-23 08:40 - 2016-05-23 08:39 - 00049240 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klim6.sys
2016-05-23 08:40 - 2016-05-23 08:38 - 00238000 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-05-22 19:16 - 2016-05-22 19:16 - 00001131 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-05-22 19:16 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2016-05-21 18:39 - 2016-05-21 18:39 - 00159600 _____ C:\Users\vinto\Desktop\Resource Library_National Network of State Teachers of the Year.pdf
2016-05-21 08:47 - 2016-06-02 14:47 - 00003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForvinto
2016-05-21 08:47 - 2016-06-02 14:47 - 00000364 _____ C:\windows\Tasks\HPCeeScheduleForvinto.job
2016-05-20 10:57 - 2016-05-20 11:23 - 00000245 _____ C:\Users\vinto\Desktop\APSE.txt
2016-05-20 10:47 - 2016-05-20 10:48 - 00938948 _____ C:\Users\vinto\Desktop\Teacher-mobility-Great-Recession_Goldhaber_2016.pdf
2016-05-20 05:35 - 2016-05-20 05:36 - 00000315 _____ C:\Users\vinto\Desktop\Web to PDFs.txt
2016-05-20 05:28 - 2016-05-20 05:28 - 00000000 _____ C:\Users\vinto\Desktop\How to Teach Students Grit_The Atlantic_2016.pdf
2016-05-19 14:55 - 2016-05-19 14:55 - 00000000 ____D C:\Users\vinto\AppData\Local\CEF
2016-05-19 14:03 - 2016-05-19 14:03 - 00002000 _____ C:\Users\Public\Desktop\AVS Document Editor.lnk
2016-05-19 14:03 - 2016-05-19 14:03 - 00000000 ____D C:\Program Files\AVS4YOU
2016-05-19 13:44 - 2016-05-19 14:02 - 128431944 _____ (Online Media Technologies Ltd. ) C:\Users\vinto\Downloads\AVSDocumentEditor64.exe
2016-05-19 07:27 - 2016-05-19 07:27 - 00130179 _____ C:\Users\vinto\Desktop\Liberty_Center-for-Curriculum-Redesign_20160519.pdf
2016-05-19 01:15 - 2016-05-19 01:15 - 05561230 _____ C:\Users\vinto\Desktop\Evolving-Assessments-for-the-21st-Century-Report-Feb-15-Final-by-CCR-ARC.pdf
2016-05-18 23:46 - 2016-05-18 23:46 - 22329476 _____ C:\Users\vinto\Desktop\Four-Dimensional-Education_Fadel_Bialik_Trilling_2015.pdf
2016-05-18 23:28 - 2016-05-18 23:28 - 00052311 _____ C:\Users\vinto\Desktop\Four Pillars of Learning_Zhao.pdf
2016-05-18 23:09 - 2016-05-18 23:15 - 20578804 _____ C:\Users\vinto\Downloads\Four-DimensionalEducation_FadelBialikTrilling2015.pdf
2016-05-17 06:56 - 2016-05-17 06:56 - 00063077 _____ C:\Users\vinto\Desktop\Tompkins-Stange_Policy-Patrons-Foreword.pdf
2016-05-17 00:38 - 2016-05-17 00:38 - 02469322 _____ C:\Users\vinto\Desktop\Nutritional Assessment Early Life.pdf
2016-05-15 17:49 - 2016-05-15 17:49 - 00199391 _____ C:\Users\vinto\Desktop\Weech_WIP_Curriculum_sequence_and_progress.pdf
2016-05-13 22:38 - 2016-05-13 22:38 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copernic Desktop Search 5.lnk
2016-05-13 22:38 - 2016-05-13 22:38 - 00002219 _____ C:\Users\Public\Desktop\Copernic Desktop Search 5.lnk
2016-05-13 22:38 - 2016-05-13 22:38 - 00000000 ____D C:\Program Files (x86)\Copernic
2016-05-13 21:06 - 2016-05-11 15:57 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 21:06 - 2016-05-11 15:57 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 20:37 - 2016-05-13 20:37 - 00000000 __SHD C:\found.000
2016-05-13 08:35 - 2016-05-13 22:37 - 22937864 _____ (Copernic, a division of N. Harris Computer Systems) C:\Users\vinto\Downloads\copernicdesktopsearch.exe
2016-05-13 01:47 - 2016-05-13 01:47 - 05995712 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-13 01:46 - 2016-05-13 01:54 - 00296984 _____ C:\Users\vinto\Desktop\Liberty_Letter-of-Acceptance-EdD_20160513.pdf
2016-05-11 03:09 - 2016-05-11 03:09 - 03989054 _____ C:\Users\vinto\Documents\Calendar and Record_Revolutionary War in the South_2011.pdf
2016-05-11 02:07 - 2016-05-11 02:07 - 06676621 _____ C:\Users\vinto\Downloads\cws00157.jp2
2016-05-10 23:37 - 2016-05-10 23:37 - 00015703 _____ C:\windows\system32\OEMDefaultAssociations.xml
2016-05-10 23:26 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-05-10 23:26 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2016-05-10 23:26 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 23:26 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2016-05-10 23:26 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2016-05-10 23:26 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\MosStorage.dll
2016-05-10 23:26 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\MapsBtSvc.dll
2016-05-10 23:26 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-05-10 23:26 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\MapConfiguration.dll
2016-05-10 23:26 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-05-10 23:26 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2016-05-10 23:26 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\windows\system32\mos.dll
2016-05-10 23:26 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\windows\system32\JpMapControl.dll
2016-05-10 23:26 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-05-10 23:26 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\windows\system32\MapsStore.dll
2016-05-10 23:26 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\CredProvDataModel.dll
2016-05-10 23:26 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-05-10 23:26 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\NMAA.dll
2016-05-10 23:26 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\windows\system32\MapControlCore.dll
2016-05-10 23:26 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\windows\system32\modernexecserver.dll
2016-05-10 23:26 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\windows\SysWOW64\MapConfiguration.dll
2016-05-10 23:26 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\windows\SysWOW64\JpMapControl.dll
2016-05-10 23:26 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-05-10 23:26 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\windows\SysWOW64\NMAA.dll
2016-05-10 23:26 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\windows\SysWOW64\MapControlCore.dll
2016-05-10 23:26 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\windows\system32\BingMaps.dll
2016-05-10 23:26 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\windows\SysWOW64\mos.dll
2016-05-10 23:26 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2016-05-10 23:26 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2016-05-10 23:26 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\windows\SysWOW64\BingMaps.dll
2016-05-10 23:26 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-05-10 23:25 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdport.sys
2016-05-10 23:25 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptngc.dll
2016-05-10 23:25 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\windows\system32\ngcsvc.dll
2016-05-10 23:25 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\windows\system32\NgcCtnr.dll
2016-05-10 23:25 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\NgcCtnrSvc.dll
2016-05-10 23:25 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\windows\system32\ngccredprov.dll
2016-05-10 23:25 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\windows\system32\cryptngc.dll
2016-05-10 23:25 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\ngcpopkeysrv.dll
2016-05-10 23:25 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\windows\system32\win32kbase.sys
2016-05-10 23:25 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2016-05-10 23:25 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-05-10 23:25 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-05-10 23:25 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-05-10 23:25 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-05-10 23:25 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-05-10 23:25 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\windows\system32\DeviceCensus.exe
2016-05-10 23:25 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-05-10 23:25 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-05-10 23:25 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-05-10 23:25 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-05-10 23:25 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-05-10 23:25 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-05-10 23:25 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-05-10 23:25 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-05-10 23:25 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\windows\system32\CoreMessaging.dll
2016-05-10 23:25 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2016-05-10 23:25 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2016-05-10 23:25 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2016-05-10 23:25 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-05-10 23:25 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-05-10 23:25 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\windows\SysWOW64\NetSetupEngine.dll
2016-05-10 23:25 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2016-05-10 23:25 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\windows\SysWOW64\NetSetupApi.dll
2016-05-10 23:25 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-05-10 23:25 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCaptureEngine.dll
2016-05-10 23:25 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\windows\system32\wifitask.exe
2016-05-10 23:25 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-05-10 23:25 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\windows\system32\NetSetupEngine.dll
2016-05-10 23:25 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\windows\system32\MFCaptureEngine.dll
2016-05-10 23:25 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2016-05-10 23:25 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ufxsynopsys.sys
2016-05-10 23:25 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\windows\system32\NetSetupApi.dll
2016-05-10 23:25 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-05-10 23:25 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-05-10 23:25 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2016-05-10 23:25 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-05-10 23:25 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2016-05-10 23:25 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-05-10 23:25 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2016-05-10 23:25 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2016-05-10 23:25 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2016-05-10 23:25 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\windows\system32\LockAppHost.exe
2016-05-10 23:25 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\windows\SysWOW64\LockAppHost.exe
2016-05-10 23:25 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-05-10 23:25 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2016-05-10 23:25 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-05-10 23:25 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-05-10 23:25 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-05-10 23:25 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-05-10 23:25 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\windows\system32\wininit.exe
2016-05-10 23:25 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-05-10 23:25 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-05-10 23:25 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2016-05-10 23:25 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-05-10 23:25 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms2.sys
2016-05-10 23:25 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2016-05-10 23:25 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-05-10 23:25 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-05-10 23:25 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\windows\system32\directmanipulation.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\windows\SysWOW64\directmanipulation.dll
2016-05-10 23:25 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\windows\system32\dwminit.dll
2016-05-10 23:25 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2016-05-10 23:25 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\MapsCSP.dll
2016-05-10 23:25 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\MosHostClient.dll
2016-05-10 23:25 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbser.sys
2016-05-10 23:25 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\hmkd.dll
2016-05-10 23:25 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-05-10 23:25 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\NFCProvisioningPlugin.dll
2016-05-10 23:25 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2016-05-10 23:25 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UcmCx.sys
2016-05-10 23:25 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\ByteCodeGenerator.exe
2016-05-10 23:25 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\windows\system32\wificonnapi.dll
2016-05-10 23:25 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 23:25 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\mapsupdatetask.dll
2016-05-10 23:25 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\MosStorage.dll
2016-05-10 23:25 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\MapsBtSvc.dll
2016-05-10 23:25 - 2016-04-23 00:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2016-05-10 23:25 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MosHostClient.dll
2016-05-10 23:25 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\provisioningcsp.dll
2016-05-10 23:25 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\windows\system32\VEStoreEventHandlers.dll
2016-05-10 23:25 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\filecrypt.sys
2016-05-10 23:25 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\MDMAppInstaller.exe
2016-05-10 23:25 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\moshost.dll
2016-05-10 23:25 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\hmkd.dll
2016-05-10 23:25 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ByteCodeGenerator.exe
2016-05-10 23:25 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-05-10 23:25 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\windows\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 23:25 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\VEDataLayerHelpers.dll
2016-05-10 23:25 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2016-05-10 23:25 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\AppCapture.dll
2016-05-10 23:25 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2016-05-10 23:25 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2016-05-10 23:25 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfdprov.dll
2016-05-10 23:25 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\windows\system32\moshostcore.dll
2016-05-10 23:25 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2016-05-10 23:25 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\PhoneProviders.dll
2016-05-10 23:25 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2016-05-10 23:25 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2016-05-10 23:25 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\NetSetupSvc.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\ieproxy.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\provengine.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\provhandlers.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\SubscriptionMgr.dll
2016-05-10 23:25 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 23:25 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\bcastdvr.exe
2016-05-10 23:25 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\ListSvc.dll
2016-05-10 23:25 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\BrowserSettingSync.dll
2016-05-10 23:25 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2016-05-10 23:25 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-05-10 23:25 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\VEEventDispatcher.dll
2016-05-10 23:25 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-05-10 23:25 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\RDXTaskFactory.dll
2016-05-10 23:25 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2016-05-10 23:25 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\tileobjserver.dll
2016-05-10 23:25 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\windows\system32\DataSenseHandlers.dll
2016-05-10 23:25 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\ActivationManager.dll
2016-05-10 23:25 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieproxy.dll
2016-05-10 23:25 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
2016-05-10 23:25 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlansec.dll
2016-05-10 23:25 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\windows\SysWOW64\BrowserSettingSync.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\windows\system32\SharedStartModel.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00954368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2016-05-10 23:25 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-05-10 23:25 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\windows\system32\OneDriveSettingSyncProvider.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\windows\system32\NetSetupShim.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentClient.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\windows\SysWOW64\VEEventDispatcher.dll
2016-05-10 23:25 - 2016-04-23 00:18 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2016-05-10 23:25 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2016-05-10 23:25 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\LogonController.dll
2016-05-10 23:25 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-05-10 23:25 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2016-05-10 23:25 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\windows\system32\wifinetworkmanager.dll
2016-05-10 23:25 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-05-10 23:25 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\windows\system32\RDXService.dll
2016-05-10 23:25 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\windows\system32\AzureSettingSyncProvider.dll
2016-05-10 23:25 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.dll
2016-05-10 23:25 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 23:25 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\windows\SysWOW64\CredProvDataModel.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\windows\SysWOW64\NetSetupShim.dll
2016-05-10 23:25 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppXDeploymentClient.dll
2016-05-10 23:25 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-05-10 23:25 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.dll
2016-05-10 23:25 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\windows\SysWOW64\LogonController.dll
2016-05-10 23:25 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 23:25 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-05-10 23:25 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2016-05-10 23:25 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-05-10 23:25 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 23:25 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\windows\system32\NetworkMobileSettings.dll
2016-05-10 23:25 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-05-10 23:25 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\updatepolicy.dll
2016-05-10 23:25 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\updatepolicy.dll
2016-05-10 23:25 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2016-05-10 23:25 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2016-05-10 23:25 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2016-05-10 23:25 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2016-05-10 23:25 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-05-10 23:25 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-05-10 23:25 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Shell.dll
2016-05-10 23:25 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2016-05-10 23:25 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\windows\SysWOW64\CoreMessaging.dll
2016-05-10 23:25 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-05-10 23:25 - 2016-04-22 22:10 - 00002186 _____ C:\windows\system32\AppxProvisioning.xml
2016-05-10 23:25 - 2016-04-18 18:30 - 00002186 _____ C:\windows\SysWOW64\AppxProvisioning.xml
2016-05-10 17:39 - 2016-05-10 17:39 - 00087805 _____ C:\Users\vinto\Downloads\Grant-Submission-Guidelines-2015.pdf
2016-05-10 03:09 - 2016-05-10 03:09 - 00077728 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2016-05-10 02:46 - 2016-06-02 13:45 - 00002475 _____ C:\Users\vinto\Desktop\Safe Money.lnk
2016-05-10 02:46 - 2016-05-10 02:46 - 00002215 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-05-10 02:46 - 2016-05-10 02:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-05-10 02:45 - 2016-06-02 21:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-10 02:45 - 2016-05-10 02:45 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-05-10 02:45 - 2015-12-05 03:51 - 00181640 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-05-10 02:45 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-05-10 02:10 - 2016-05-10 02:27 - 162103688 _____ (Kaspersky Lab) C:\Users\vinto\Downloads\kts16.0.0.614a bcden_9312.exe
2016-05-10 01:36 - 2016-05-10 01:36 - 00000464 _____ C:\Users\vinto\Desktop\Weech Memorial Lecture.txt
2016-05-08 04:13 - 2016-05-08 04:13 - 00000000 ____D C:\Users\vinto\AppData\Roaming\SolidDocuments
2016-05-07 04:32 - 2016-05-07 04:32 - 46047336 _____ C:\Users\vinto\Documents\Kings_Mountain_and_Heroes.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 22:13 - 2016-03-24 14:02 - 00000477 _____ C:\ProgramData\netsh.out
2016-06-02 22:08 - 2016-02-25 04:11 - 00000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-02 21:58 - 2016-03-06 05:08 - 00000000 ___RD C:\Users\vinto\Dropbox
2016-06-02 21:57 - 2016-03-04 02:09 - 00000000 ___RD C:\Users\vinto\OneDrive
2016-06-02 21:56 - 2016-03-25 07:08 - 00017408 _____ C:\windows\system32\rpcnetp.exe
2016-06-02 21:56 - 2016-03-04 02:06 - 00000000 __SHD C:\Users\vinto\IntelGraphicsProfiles
2016-06-02 21:56 - 2016-02-25 04:11 - 00000940 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-02 21:55 - 2016-03-25 07:08 - 00029528 _____ C:\windows\system32\wpbbin.exe
2016-06-02 21:55 - 2016-03-25 07:08 - 00017408 _____ C:\windows\SysWOW64\rpcnetp.exe
2016-06-02 21:55 - 2016-03-25 07:08 - 00017408 _____ C:\windows\SysWOW64\rpcnetp.dll
2016-06-02 21:55 - 2016-03-23 13:20 - 00078032 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll
2016-06-02 21:55 - 2016-02-25 03:44 - 00000000 ____D C:\ProgramData\Synaptics
2016-06-02 21:55 - 2015-11-02 14:02 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-02 21:54 - 2015-10-30 02:28 - 00524288 ___SH C:\windows\system32\config\BBI
2016-06-02 21:52 - 2016-03-07 06:31 - 00000000 ____D C:\Users\vinto\AppData\Roaming\Skype
2016-06-02 20:17 - 2016-02-25 04:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-02 18:17 - 2016-03-24 14:02 - 00000232 _____ C:\ProgramData\SmartCallConfig.xml
2016-06-02 18:17 - 2016-03-24 14:01 - 00000192 _____ C:\ProgramData\2012.par
2016-06-02 15:03 - 2015-10-30 03:21 - 00000000 ____D C:\windows\INF
2016-06-02 08:38 - 2016-03-04 09:48 - 00000000 ____D C:\Users\vinto\AppData\Local\Adobe
2016-06-02 05:09 - 2015-10-30 03:24 - 00000000 ____D C:\windows\AppReadiness
2016-06-02 05:09 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\WindowsApps
2016-06-01 23:30 - 2015-10-30 03:24 - 00000000 ____D C:\windows\rescache
2016-06-01 22:09 - 2016-03-07 06:34 - 00006738 _____ C:\Users\vinto\Desktop\Software Product Keys.txt
2016-06-01 22:04 - 2016-03-05 02:29 - 00000000 ____D C:\Users\vinto\Desktop\SSA-ODAR
2016-05-31 21:58 - 2016-03-04 02:04 - 00000000 ____D C:\Users\vinto
2016-05-31 21:43 - 2016-03-04 02:06 - 00000000 ____D C:\Users\vinto\AppData\Roaming\Adobe
2016-05-31 21:39 - 2016-03-07 01:22 - 00007138 _____ C:\Users\vinto\Desktop\Appt's_2016.txt
2016-05-31 21:23 - 2016-03-09 02:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-31 21:23 - 2016-03-04 09:46 - 00000000 ____D C:\ProgramData\Adobe
2016-05-31 20:25 - 2015-11-02 14:01 - 00387584 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-31 20:01 - 2016-03-04 09:48 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-31 09:32 - 2016-04-21 08:04 - 00000000 ___RD C:\Users\vinto\Desktop\Browsers
2016-05-31 09:22 - 2015-10-30 03:11 - 00000000 ____D C:\windows\CbsTemp
2016-05-30 20:40 - 2016-03-07 01:26 - 00000000 ____D C:\Users\vinto\AppData\Local\Ancestry.com
2016-05-30 20:39 - 2016-02-25 04:44 - 00000000 ____D C:\Program Files\mcafee
2016-05-30 20:39 - 2016-02-25 04:44 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-30 20:39 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-30 19:48 - 2016-04-10 15:30 - 00000000 ____D C:\AdwCleaner
2016-05-30 18:34 - 2016-04-21 08:16 - 00000000 ____D C:\Users\vinto\Desktop\Health
2016-05-30 18:31 - 2016-03-07 01:29 - 00000000 ____D C:\Users\vinto\Documents\Family Tree Maker
2016-05-30 14:04 - 2016-03-10 13:05 - 00000000 ____D C:\Users\vinto\AppData\Roaming\Opera Software
2016-05-30 14:04 - 2016-03-10 13:05 - 00000000 ____D C:\Users\vinto\AppData\Local\Opera Software
2016-05-30 14:04 - 2016-03-10 13:01 - 00000000 ____D C:\Program Files (x86)\Opera developer
2016-05-30 13:53 - 2015-11-03 02:05 - 00907484 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-30 13:50 - 2016-02-25 03:11 - 00000000 ____D C:\windows\CSC
2016-05-30 13:16 - 2015-11-03 02:05 - 00972104 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-05-29 21:49 - 2016-03-04 02:06 - 00000000 ____D C:\Users\vinto\AppData\Local\VirtualStore
2016-05-29 09:12 - 2016-03-05 05:24 - 00004168 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{027CB634-588B-401B-9837-730EDC3CA923}
2016-05-29 08:25 - 2016-03-04 17:22 - 00000000 ____D C:\Users\vinto\AppData\Roaming\Mozilla
2016-05-29 08:25 - 2016-03-04 17:22 - 00000000 ____D C:\Users\vinto\AppData\Local\Mozilla
2016-05-29 08:23 - 2016-03-23 13:19 - 00000000 ____D C:\Temp
2016-05-29 08:22 - 2016-03-04 20:43 - 00000000 ____D C:\Program Files\Adobe
2016-05-29 08:03 - 2016-03-23 11:58 - 00000000 ____D C:\Users\vinto\AppData\LocalLow\Macromedia
2016-05-28 21:26 - 2016-04-07 06:10 - 00000288 _____ C:\windows\system32\.crusader
2016-05-27 14:54 - 2016-03-07 06:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 12:06 - 2016-03-07 00:21 - 00000000 ____D C:\Program Files\CCleaner
2016-05-26 12:03 - 2016-02-25 04:11 - 00004004 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-05-26 12:03 - 2016-02-25 04:11 - 00003772 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-05-26 11:51 - 2016-03-07 00:29 - 00000000 ____D C:\Users\vinto\AppData\Local\ElevatedDiagnostics
2016-05-26 11:51 - 2015-10-30 03:24 - 00000000 ____D C:\windows\system32\NDF
2016-05-23 19:25 - 2016-03-09 03:19 - 00000000 ___RD C:\Users\vinto\Documents\Action
2016-05-23 08:41 - 2015-10-30 02:28 - 00032768 ___SH C:\windows\system32\config\ELAM
2016-05-22 19:21 - 2016-04-17 03:01 - 00000000 ____D C:\Users\vinto\Desktop\Winton Hills
2016-05-22 19:16 - 2016-03-04 05:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-05-21 22:11 - 2016-03-17 18:29 - 00000000 ____D C:\Users\vinto\Desktop\GRANTS
2016-05-20 00:21 - 2016-03-15 02:05 - 00206901 _____ C:\Users\vinto\Desktop\Weech_EdS-C-EdS-D.pdf
2016-05-19 14:55 - 2016-03-30 00:12 - 00000000 ____D C:\Users\vinto\AppData\Roaming\AVS4YOU
2016-05-19 14:03 - 2016-03-07 05:37 - 00000000 ____D C:\Users\vinto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2016-05-19 14:03 - 2016-03-07 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2016-05-19 14:03 - 2016-03-07 05:35 - 00000000 ____D C:\ProgramData\AVS4YOU
2016-05-19 14:03 - 2016-03-07 05:34 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2016-05-13 08:40 - 2016-03-05 02:26 - 00000000 ____D C:\Users\vinto\Desktop\Weech_A_A MAIN
2016-05-12 00:50 - 2016-03-07 06:31 - 00000000 ____D C:\ProgramData\Skype
2016-05-11 01:12 - 2015-11-02 14:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 01:08 - 2015-10-30 05:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 01:08 - 2015-10-30 03:24 - 00000000 ____D C:\windows\system32\oobe
2016-05-11 01:08 - 2015-10-30 03:24 - 00000000 ____D C:\windows\system32\appraiser
2016-05-11 01:08 - 2015-10-30 03:24 - 00000000 ____D C:\windows\Provisioning
2016-05-11 01:08 - 2015-10-30 03:24 - 00000000 ____D C:\windows\bcastdvr
2016-05-10 23:36 - 2016-03-04 04:33 - 00000000 ____D C:\windows\system32\MRT
2016-05-10 23:27 - 2016-03-04 04:33 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-10 23:24 - 2016-04-18 01:16 - 00000484 _____ C:\Users\vinto\Desktop\IE not remembering login.txt
2016-05-10 02:45 - 2015-10-30 03:24 - 00000000 ___HD C:\windows\ELAMBKUP
2016-05-09 14:52 - 2016-03-28 13:43 - 00000128 _____ C:\Users\vinto\Desktop\Gaslight.txt
2016-05-08 10:40 - 2016-03-17 18:27 - 00000000 ____D C:\Users\vinto\Desktop\Quantitative Measures Vidoes
2016-05-07 18:12 - 2016-04-17 01:24 - 00000000 ____D C:\Users\vinto\Documents\YouCam
2016-05-03 01:24 - 2016-03-04 02:06 - 00000000 ____D C:\Users\vinto\AppData\Local\Packages

==================== Files in the root of some directories =======

2016-05-30 00:23 - 2016-05-30 00:23 - 0230029 _____ () C:\Users\vinto\AppData\Local\ars.cache
2016-05-30 00:24 - 2016-05-30 00:24 - 0660796 _____ () C:\Users\vinto\AppData\Local\census.cache
2016-05-29 21:12 - 2016-05-29 21:12 - 0000036 _____ () C:\Users\vinto\AppData\Local\housecall.guid.cache
2016-05-28 22:05 - 2016-05-28 22:05 - 0004096 ____H () C:\Users\vinto\AppData\Local\keyfile3.drm
2016-03-07 05:02 - 2016-03-07 05:22 - 0000173 _____ () C:\Users\vinto\AppData\Local\msmathematics.qat.vinto
2016-03-23 13:19 - 2016-03-23 13:19 - 8041312 _____ (Absolute Software Corp.) C:\Users\vinto\AppData\Local\Setup.exe
2016-05-29 21:26 - 2016-05-29 21:26 - 0000010 _____ () C:\Users\vinto\AppData\Local\sponge.last.runtime.cache
2016-03-24 14:01 - 2016-06-02 18:17 - 0000192 _____ () C:\ProgramData\2012.par
2016-03-24 14:02 - 2016-03-24 14:02 - 0001856 __RSH () C:\ProgramData\3014.abs
2016-03-24 14:02 - 2016-06-02 22:13 - 0000477 _____ () C:\ProgramData\netsh.out
2016-03-24 14:02 - 2016-06-02 18:17 - 0000232 _____ () C:\ProgramData\SmartCallConfig.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-01 23:03

==================== End of FRST.txt ============================



#4 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • Local time:05:13 PM

Posted 03 June 2016 - 07:34 PM

Just to reiterate, when I go into Advanced Setup (under All Control Panel Items and System), the window 'System Properties' appears and then I click on the tab, Advanced.  If I try to go into User Profiles, the system freezes. 

I know I have a flash issue, too.  Shockwave (Macromed file folder) or windows embedded, I don't think any of it works right.

Thank you!



#5 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,719 posts
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:06:13 PM

Posted 04 June 2016 - 11:14 AM

Thank you for your patience. Before we get to work here are a few things to keep in mind:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
I think you've used Farbar Recovery Scan Tool before. There was supposed to be a second file called Addition.txt. If you could run the tool again and do the step in red. If that file is on your desktop then just post it in your next reply:
  • Right-click FRST.exe then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Under the Optional Scan area choose Addition.txt
  • Press the Scan button.
  • When finished, it will produce two logs one called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the Addition.txt log in your next reply.
Any questions with these instructions please tell me.
To err is Human. To blame it on someone else is even more Human.

#6 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • Local time:05:13 PM

Posted 04 June 2016 - 11:41 AM

Thank you very much.

Just to add to the Adobe issue, it appears I can only open up the simple Adobe Acrobat 11.0 Pro program by using the Run As Administrator.

Below I have added the log file you requested.  Thank you.

Addition Text:


Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by vinto (2016-06-04 12:39:08)
Running from C:\Users\vinto\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-04 06:02:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2166395518-3036358482-3362634291-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2166395518-3036358482-3362634291-503 - Limited - Disabled)
Guest (S-1-5-21-2166395518-3036358482-3362634291-501 - Limited - Disabled)
vinto (S-1-5-21-2166395518-3036358482-3362634291-1001 - Administrator - Enabled) => C:\Users\vinto

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.7.0.0 - Auslogics Software Pty Ltd)
AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.)
AVS Audio Editor 8.0 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.0.2.501 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.4.534 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.1.237 - Online Media Technologies Ltd.)
AVS Document Editor 3.8.5 (HKLM\...\AVS Document Editor_is1) (Version: 3.8.5.222 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.1.280 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.1.280 - Online Media Technologies Ltd.)
AVS Media Player 4.2.5.108 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.5.108 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.3.147 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.3.147 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.2.271 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.2.271 - Online Media Technologies Ltd.)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.4.574 - Online Media Technologies Ltd.)
AVS Video Editor 7.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.1.4.264 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.1.172 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.1.172 - Online Media Technologies Ltd.)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Copernic Desktop Search 5 (HKLM-x32\...\CopernicDesktopSearch5) (Version: 5.2.1.9072 - Copernic)
Copernic Desktop Search 5 (x32 Version: 5.2.1.9072 - Copernic) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 5.3.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.5.0.9325 - Thomson Reuters)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{69D30761-C220-4DD6-9BCB-6559FC4A4C8C}) (Version: 2.21.2 - HP Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1168 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{9f63698a-6f92-4dd3-be96-6a75e3672dae}) (Version: 18.30.0000.3514 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® WiDi (HKLM\...\{6C02A234-7A14-4737-9D89-B0C47A64F94E}) (Version: 6.0.52.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{64FD4757-7186-4F12-9AA8-5EE809CAB282}) (Version: 17.1.1532.1814 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
PlayChess  (HKLM\...\PlayChess) (Version:  - ChessBase GmbH)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
Synaptics WBF DDK (HKLM\...\{244C6825-00E4-4AC1-8A1C-96B8911399C6}) (Version: 4.5.327.0 - Synaptics)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.0 - Tweaking.com)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2166395518-3036358482-3362634291-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-11B2E9F90A40}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2166395518-3036358482-3362634291-1001_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2166395518-3036358482-3362634291-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\vinto\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2166395518-3036358482-3362634291-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E128636-772D-49A5-B7CA-F997F89C6896} - System32\Tasks\{29EFB091-AC38-4DEA-9A8C-8B96E5CFF6C9} => pcalua.exe -a E:\StartHere.exe -d E:\
Task: {28048F9B-0CEB-4FD8-8BB8-B829E6B5D324} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {35DDDB2D-AB90-45D8-B4B3-405ACBDC22A6} - System32\Tasks\{08C30092-88FD-4F3D-9448-5181F9AC0870} => pcalua.exe -a C:\Users\vinto\Downloads\RootkitBuster_v5_1061.exe -d C:\Users\vinto\Desktop
Task: {3FD0F0D2-EE82-4E04-8401-0ED252BB841B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {57CFFF3D-80F8-4E91-9343-071ECAA8D6E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {5F479ACA-5A03-4B4B-AC5B-4F0EF2D2CEE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {63AB38DB-F407-4F31-89CC-8E96CAE6B27C} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {65182F4F-4875-4BBF-A8BA-53F111C3D5D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6F8CF914-C068-4001-896A-A994C801105D} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-67BC-4360-8F65-A3BE5CBB5525} for vinto => C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe [2015-09-08] (Auslogics)
Task: {79871112-41F9-442B-A572-D0CBEDB8D8C0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {7E110F05-DC64-4F83-BCA4-98A0CC21D506} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-18] (Intel Corporation)
Task: {7E3E59EC-ECEF-4D29-BD2E-F00234B03FE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {908068C2-3DF6-4947-94EC-43831C96FC72} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {95365D90-DF2B-4F02-90B2-3ECA0BFEB6F4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-06] (Dropbox, Inc.)
Task: {95B86C99-957F-42EC-BCB5-8B30450116D5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {9A3BFF69-05E7-4FC5-9A08-CA43808186B3} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {9F2568DA-BE60-40B7-A082-7121CE9B9EDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {A93E4A15-7CC7-4494-B221-693ACB5F7AF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {AB2BC9F1-DDF9-4EC1-B2BC-5146CB7548F5} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-8736-4FF5-A36F-60875540C500} for vinto => C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe [2015-09-08] (Auslogics)
Task: {AD280DDB-53F9-40F2-A227-90BCF0FD59BD} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2015-11-16] (HP Development Company, L.P.)
Task: {B35C7E9D-1E02-4493-856A-B87B8C922B21} - System32\Tasks\HPCeeScheduleForvinto => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B9F14C1F-05CC-4806-BCF4-4C9234185F3C} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-9E8D-4EA6-9607-04C5F77FC982} for vinto => C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe [2015-09-08] (Auslogics)
Task: {BF742E81-B803-4AE3-85B4-74E495AFF7A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {CFB9EBC7-EE66-4093-B793-B7E319E5B311} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-06] (Dropbox, Inc.)
Task: {D8EE1578-D81C-40B4-B8CD-999FC393D3B4} - \Reimage Reminder -> No File <==== ATTENTION
Task: {E0C7EDD1-8DE2-4878-9612-746AFE8F02FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {F3A0630B-81FB-4966-8D31-B9A0C96D2B10} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-18] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForvinto.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2016-04-12 20:11 - 2016-03-29 06:20 - 02656952 _____ () c:\windows\system32\CoreUIComponents.dll
2016-02-25 04:13 - 2014-04-14 22:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\windows\SYSTEM32\ism32k.dll
2016-02-25 03:43 - 2015-08-07 13:18 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 20:11 - 2016-03-29 06:20 - 02656952 _____ () C:\windows\system32\CoreUIComponents.dll
2016-04-12 20:11 - 2016-03-29 06:20 - 02656952 _____ () C:\windows\System32\CoreUIComponents.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-24 08:21 - 2016-05-24 08:21 - 00959168 _____ () C:\Users\vinto\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-25 03:14 - 2016-02-25 03:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 23:25 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 23:26 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 23:26 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 23:26 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 23:26 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2016-02-25 03:43 - 2015-09-09 01:19 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-24 08:21 - 2016-05-24 08:21 - 00679624 _____ () C:\Users\vinto\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-02 20:16 - 2016-05-25 13:03 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-02 20:16 - 2016-05-25 13:03 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-02 20:16 - 2016-05-25 13:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-02 20:16 - 2016-05-25 13:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-02 20:16 - 2016-05-25 13:03 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-02 20:16 - 2016-05-25 13:03 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-02 20:16 - 2016-05-25 13:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-06-02 20:16 - 2016-06-02 14:46 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-06-02 20:16 - 2016-05-25 13:03 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-02 20:16 - 2016-06-02 14:45 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-02 20:16 - 2016-05-25 13:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-02 20:16 - 2016-06-02 14:45 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-02 20:16 - 2016-06-02 14:45 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-02 20:16 - 2016-06-02 14:45 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-02 20:16 - 2016-06-02 14:45 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-02 20:16 - 2016-05-25 13:03 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-02 20:16 - 2016-05-25 13:04 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-06-02 20:16 - 2016-06-02 14:45 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-02 20:16 - 2016-06-02 14:45 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-02 20:16 - 2016-03-11 20:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-02 20:16 - 2016-06-02 14:45 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-02 20:16 - 2016-06-02 14:46 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-02 20:16 - 2016-05-25 13:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-06-02 20:16 - 2016-05-25 13:05 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-02 20:16 - 2016-06-02 14:46 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2016-05-30 13:22 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2166395518-3036358482-3362634291-1001\...\StartupApproved\Run: => "Copernic Desktop Search 5"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{152E8182-22FF-49A7-9589-876C41B874B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{164FD90D-333D-4966-AC44-9C2060A91680}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7370F053-724C-43CC-9B55-346083D3465C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6FF923F2-4B57-4D41-B701-66000234679D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E37F89BA-F799-4814-A91F-DEF995CABBCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2123D784-E498-422D-8A54-C0CD847E2713}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6C1A92CC-8AC0-42C7-90E8-3B0C307563AD}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{76EABC9C-909C-48D5-AFB2-2E8F8824750A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4384885-E5E3-43A9-BD65-9C7A79B9464A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21507458-8EA7-4A65-9D9E-CF5E9A43BA9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E1FEB23-C0E2-47E5-9516-BFCD13077276}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49DB1F31-8C69-4F92-9E7F-D095B22E2E39}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{FF1993AE-52AB-493D-A7A7-6409EEFDB9D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{5DCECFB4-3570-498B-B9C6-C45F501F959B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{7A7AC601-BCED-43CE-A610-857085428B34}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{C12EC0BB-1C86-421F-80BE-239181C78B74}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A1E87966-7575-45C7-9A1B-DAE79217A3E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{F74D7AB3-D3DA-417A-9D09-15F66BC2BF3B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{351F03E6-B96E-4D76-808B-B9148569B19C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BEBB7CEC-458D-4B9F-B0E4-60F5DFB4BB72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{6D609C33-A893-49C2-8F6D-D04C7C393807}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{962AA04D-9208-4774-BD14-AE89BCBD431E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{63AB9347-9BFE-4093-9E54-9E238AF9F502}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{22BA32DE-6775-4C1D-AE6C-178232532ED8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6B942CB1-3BA3-4AEB-BF97-5A83E91E4121}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{1DF83DD7-E1AD-4AB8-9F72-56E4E928F570}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{53E19A9A-64ED-4F71-8203-E397BE714378}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{57807586-82B8-4D9D-83A6-8BF7F13EB198}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DE5BA0D8-9B43-428A-9221-B8B03A05C86F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{77D36600-EF36-441F-BD85-CBCF54B8CD1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{2F93DDC4-6AA3-4B9B-A214-FB3D90854F62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{53F2DEAF-3F2C-4B7A-83C0-DD22C7F5C766}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{76C01023-E025-4557-A252-443FDDB43301}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBC968B3-FD42-48CA-A2AB-F82A0F073677}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BD14CDB5-45DB-41FD-82E9-CD2D1587340B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4E31254B-A11D-43CA-89B9-D4DE13DC6919}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

26-05-2016 17:12:17 Scheduled Checkpoint
28-05-2016 21:25:32 Checkpoint by HitmanPro
29-05-2016 02:55:05 JRT Pre-Junkware Removal
30-05-2016 18:56:33 Revo Uninstaller Pro's restore point - Glance 2.9
30-05-2016 19:44:47 JRT Pre-Junkware Removal
03-06-2016 07:02:45 Installed Adobe PDF iFilter 11 for 64-bit platforms

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2016 11:49:43 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/04/2016 09:48:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/04/2016 09:48:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (06/04/2016 12:14:02 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (8444) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\vinto\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (06/04/2016 12:14:02 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (8444) testing: An attempt to open the file "C:\Users\vinto\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/03/2016 08:28:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemPropertiesAdvanced.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2584

Start Time: 01d1bdf7dd05d7e7

Termination Time: 7

Application Path: C:\Windows\System32\SystemPropertiesAdvanced.exe

Report Id: 418a6a50-29eb-11e6-b9a3-705a0f61168e

Faulting package full name:

Faulting package-relative application ID:

Error: (06/03/2016 08:16:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashUtil_ActiveX.exe, version: 21.0.0.242, time stamp: 0x5731238c
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0xaa4
Faulting application start time: 0xFlashUtil_ActiveX.exe0
Faulting application path: FlashUtil_ActiveX.exe1
Faulting module path: FlashUtil_ActiveX.exe2
Report Id: FlashUtil_ActiveX.exe3
Faulting package full name: FlashUtil_ActiveX.exe4
Faulting package-relative application ID: FlashUtil_ActiveX.exe5

Error: (06/03/2016 07:59:06 PM) (Source: HP Active Health) (EventID: 1002) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (06/03/2016 07:20:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (8016) {AEA33DA3-380D-4807-95D6-1141CD199809}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\vinto\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0043D.log.

Error: (06/03/2016 07:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0xc40
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

System errors:
=============
Error: (06/04/2016 11:05:21 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-DC8405CV)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (06/04/2016 11:05:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_74af8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/04/2016 11:05:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_74af8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/04/2016 11:05:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_74af8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/04/2016 11:05:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_74af8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/04/2016 11:05:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/04/2016 09:40:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
%%1008

Error: (06/04/2016 09:40:56 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1068upnphostUnavailable{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (06/04/2016 09:40:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (06/04/2016 09:40:31 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

CodeIntegrity:
===================================
  Date: 2016-06-04 00:43:51.848
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-04 00:43:51.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-03 20:00:31.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-03 19:27:30.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-02 21:10:52.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 21:10:52.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 14:19:56.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 14:19:56.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 14:19:56.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 14:19:49.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16266.41 MB
Available physical RAM: 12418.68 MB
Total Virtual: 18698.41 MB
Available Virtual: 14677.16 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.03 GB) (Free:760.75 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.53 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DB1E0280)

Partition: GPT.

==================== End of Addition.txt ============================



#7 shley

Posted 04 June 2016 - 12:18 PM

Here's another mystery.  When I work with .pdf's, and make a change, I am suddenly now seeing temp files in the directory where the .pdf is stored.  Please see screen shot.

Attached Files



#8 Bezukhov

Posted 06 June 2016 - 10:27 PM

Sorry for the wait. I spent extra time on these logs, and I have to say that I didn't find any evidence of malware. That's not to say you don't have problems, you do. These problems stem, I believe, from software conflicts. Fixing these conflicts isn't really my area, but there are some steps we can take here to see if they can't be resolved. If you wish, I can refer you to our Windows 10 forum, but the steps to follow are mostly the same ones they will probably start with there.

:step1:

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply. There will also be a file named Upload.zip. What to do with that follows. And your computer will reboot.

What to do with the files in Upload.zip

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in:
http://www.bleepingcomputer.com/forums/t/615788/suspecting-malmare-critical-ms-sign-in-error-suddently-et-al/#entry4010932
3. Where it says "Browse to the file you want to submit", browse to Suspect path:
C:\Users\vinto\Desktop\Upload.zip
Press the Send File button.

:step2:

I see you have Revo Uninstaller Pro 3.1.6, and we're going to be needing it now. You have multiple Anti Viruses running, never a good thing, because they tend to fight over files.
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    HitmanPro 3.7
    RogueKiller version 12
    Kaspersky
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
If any of these programs are not showing in Revo, let me know.

I must tell you that this will leave you without any Anti Virus for the time being. We have to find out what is causing these problems, and many times an Anti Virus is the culprit. So please use extra caution while using the Internet.

I would suggest turning on Windows Defender, unfortunately I'm not sure it will work due to a program HP installed on this machine.

:step3:

To deal with the Sign In critical error message:
  • Download this file:
  • Right click and choose "Run as administrator".
  • A black box will briefly appear.

:step4:

Let's check your hard drive for errors:

1. Open This PC in File Explorer.

2. Right click or press and hold on a hard disk drive (HDD or SSD) you want to scan, and click/tap on Properties

3. Click/tap on the Tools tab, and click/tap on the Check button under the top Error checking section.

4. You can now Scan drive (if wanted) or Repair drive (if errors found)


Reboot your computer. If there were any errors, let Windows fix them.

When your computer is running again:
1) Tell me if that Sign in critical error returns, or not.
2) Open up a PDF file and see if there are still problems with them, or not
3) The same with Adobe Flash.
4) The status of your hard drive.
5) Please post the results of fixlog.txt.
6) The make and model of this computer.

Any questions, please let me know.

Edited by Bezukhov, 06 June 2016 - 10:30 PM.

To err is Human. To blame it on someone else is even more Human.

#9 shley

Posted 06 June 2016 - 11:20 PM

I have submitted the file upload.zip on the page you referenced.

I have a question... removing Kaspersky?  This is my primary A/V.  Shouldn't this remain?

 

EDIT:  Never mind.  I didn't read far enough.  -  Uninstalling the 3 programs successfully.


Edited by shley, 06 June 2016 - 11:31 PM.


#10 shley

Posted 07 June 2016 - 12:04 AM

When your computer is running again:
1) Tell me if that Sign in critical error returns, or not.
2) Open up a PDF file and see if there are still problems with them, or not
3) The same with Adobe Flash.
4) The status of your hard drive.
5) Please post the results of fixlog.txt.
6) The make and model of this computer.

 

 

Ok, so I do not see a critical error when signing in... not sure if an error is getting tripped in the Event Log (I find that difficult to navigate).

I still have the Acrobat error 16 message (see attached screen shot).  I have tried several times to reinstall and even used Adobe's remover tool.  If I make the .exe file only run as Administrator, I will not get the error but that is really hard to use the program that way all the time.  Also, earlier today I noticed a DDO or DDE error message while I had a .pdf briefly open.

I am still seeing the Flash issue, too.  Almost like I have no flash.  I have tried to reset IE as well as take it out completely with Add Features module.

No errors on HD!

I attached the log file for you, too.

This unit is a newer machine.  HP ENVY Notebook - 15t, product #M9U50AV.

 

Thank you.

Attached Files



#11 shley

Posted 07 June 2016 - 03:03 PM

An update:  Flash appears to work fine in Firefox browser (I installed).

[EDIT: Actually, it isn't working exactly correctly.  The volume is stuck on 50% and if I try to fast forward, the video goes all the way back to the beginning.]

 

Acrobat is still not working right.  I noticed something interesting.  I can actually open up a .pdf and quickly do something (e.g., delete one page and save it), before I receive that message that ultimately closes down the application altogether.  It seems as if there are a few seconds that pass by before that message appears... I suppose related to it checking license?  (License is valid).  Also, Adobe does not even offer telephone or chat support for the Acrobat issue.

 

For Windows Flash, I am thinking there is something wrong with the embedded flash and was wondering if it is related to the Macromed folder in system32?  But why it - or wherever the issue lies - would not be fixed by reinstalling IE 11 is beyond my understanding.

 

I am losing faith in Adobe quickly.

Thanks for your help,

shley


Edited by shley, 07 June 2016 - 03:15 PM.


#12 Bezukhov

Posted 09 June 2016 - 10:05 AM

I'm back, and I hope my research was not in vain.

First up, since it wasn't a problem, is to please reinstall Kaspersky if you haven't done so already.

Next I want to take a look at this System Properties issue.
  • Right click on the Start button.
  • Choose Control Panel.
  • Click on Security and Maintenance
  • In the Security and Maintenance Window, under Maintenance click the View problems to report.
  • When the Problem window appears click Copy to clipboard
  • Paste that log in your next reply.

This is to remedy the DDE problem.
  • Choose Edit > Preferences.
  • In the Categories list on the left, select Security (Enhanced).
  • In the Sandbox Protections section, select or deselect Enable Protected Mode At Startup.
  • The changes take effect the next time you start the application.
Now to stop that Run as administrator issue.
  • Click on the Start button.
  • Search for Acrobat
  • When you find it, right click on it and choose More
  • Next pick Run as Administrator
  • Accept any prompt from User Account Control
You should now reboot your computer to make sure these changes stick. Let me know if these suggestions work, or if they don't.

#13 shley

Posted 09 June 2016 - 10:38 AM

Hello,

I do not have a "View problems to report." option.  See screenshot. 

Should I have this option?  I am the only user.  I have admin rights.

Kaspersky is re-installed.

I'll wait to hear back from you.

Attached Files



#14 Bezukhov

Posted 09 June 2016 - 02:06 PM

I'll get back to you on that. Go ahead on the rest of that to do list.

#15 shley

Posted 09 June 2016 - 08:33 PM

I am not sure if the DDE instructions match up with what I have as options but I think I correctly toggled the switch.  Now, I will have to wait and see but in the meantime, I am still receiving the Error 16 Config error every time I open up a .pdf.  Still do not understand why removing it and re-installing would not fix it.

 

I am a bit confused about Run as Admin instructions.  What file are you saying to go to exactly?  I have no "More" option. 

If I navigate to C:\ProgramFiles(x86)\Adobe\Acrobat 11.0\Acrobat ,

I can locate Acrobat.exe.

Now, this is the file I had changed to only run As Administrator to see if it fixed the problem.  It does but I cannot have this setting on like this because it won't work in certain situations (besides the fact that it is a nuisance and takes longer).
Is this the file you were thinking of locating? 

Thank you for helping!





