Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

critical error pop up


  • This topic is locked This topic is locked
4 replies to this topic

#1 pacha34

pacha34

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 06 November 2016 - 07:58 AM

Started getting this flashing pop up threatening to steal all my passwords etc yesterday on various pages.

So i spent the day running adw cleaner and jrt and spybot and spyhunter etc which cleared out some temp files and fixed a few registry issues but today it's back again.

So i'm here again looking for help.

 

After running FRST I deleted and uninstalled a bunch of files and programmes from mcafee, mywinlocker, all the acer games, old avg files etc

I just noticed you have a self help page now but I'm not sure if this error message was the same one.

So hopefully you dont mind checking through my logs :)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Frank (administrator) on FRANK-PC (06-11-2016 11:02:16)
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available Profiles: Frank)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1637433389-394192189-160962988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1637433389-394192189-160962988-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0D0746BA-2739-4106-BC8D-90903D8FCEA8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{64761325-686B-4B74-8973-77BE82251C4E}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1637433389-394192189-160962988-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1637433389-394192189-160962988-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1637433389-394192189-160962988-1001 -> DefaultScope {A0947466-4CFC-4036-9DF3-F469B0763513} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fj9u9zet.default-1475320115558 [2016-11-06]
FF Homepage: Mozilla\Firefox\Profiles\fj9u9zet.default-1475320115558 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fj9u9zet.default-1475320115558\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-10-01]
FF Extension: (Youtube Converter MP3) - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fj9u9zet.default-1475320115558\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2016-10-01]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fj9u9zet.default-1475320115558\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-10-07]
FF Extension: (Adblock Plus) - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fj9u9zet.default-1475320115558\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-03-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1637433389-394192189-160962988-1001: SkypePlugin -> C:\Users\Frank\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1637433389-394192189-160962988-1001: SkypePlugin64 -> C:\Users\Frank\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll [2016-10-20] (Skype Technologies S.A.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [337664 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-04] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [31720 2016-10-17] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [14604 2003-08-11] (Padus, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 11:02 - 2016-11-06 11:04 - 00013015 _____ C:\Users\Frank\Desktop\FRST.txt
2016-11-06 11:01 - 2016-11-06 11:02 - 00000000 ____D C:\FRST
2016-11-06 10:59 - 2016-11-06 10:59 - 02409984 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2016-11-06 10:37 - 2016-11-06 10:38 - 00000085 _____ C:\Windows\wininit.ini
2016-11-06 07:37 - 2016-11-06 07:37 - 00000000 _____ C:\autoexec.bat
2016-11-05 21:17 - 2016-11-05 21:17 - 00000000 _____ C:\Windows\SysWOW64\shoB008.tmp
2016-11-05 19:25 - 2015-01-08 23:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2016-11-05 19:25 - 2015-01-08 23:43 - 00419936 _____ C:\Windows\system32\locale.nls
2016-11-05 17:06 - 2016-11-05 17:06 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-05 17:06 - 2016-11-05 17:06 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-05 17:06 - 2016-11-05 17:06 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-11-05 17:06 - 2016-11-05 17:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-05 17:06 - 2016-11-05 17:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-11-05 17:06 - 2016-11-05 17:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-11-05 17:06 - 2016-11-05 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-11-05 17:06 - 2016-11-05 17:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-05 17:05 - 2016-11-05 17:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-05 17:05 - 2016-11-05 17:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-11-05 17:05 - 2016-11-05 17:05 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-05 17:05 - 2016-11-05 17:05 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-11-05 17:05 - 2016-11-05 17:05 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-11-05 17:05 - 2016-11-05 17:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-11-05 17:05 - 2016-11-05 17:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-05 16:50 - 2016-11-05 16:51 - 00000000 ____D C:\Users\Frank\Downloads\zad2 dressup
2016-11-05 16:46 - 2016-11-05 16:51 - 00000000 ____D C:\Users\Frank\Downloads\vintage
2016-11-05 15:22 - 2016-11-05 15:22 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-05 15:22 - 2016-11-05 15:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-05 15:22 - 2016-11-05 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-05 11:21 - 2016-11-05 11:21 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-05 10:30 - 2016-11-05 10:30 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Avira
2016-11-05 10:23 - 2016-11-05 10:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-05 10:23 - 2016-10-17 11:18 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-11-05 10:21 - 2016-10-17 11:18 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-11-05 10:21 - 2016-10-17 11:18 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-11-05 10:21 - 2016-10-17 11:18 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-11-05 10:21 - 2016-10-17 11:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-11-05 10:16 - 2016-11-05 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-05 10:15 - 2016-11-05 10:20 - 00000000 ____D C:\ProgramData\Avira
2016-11-05 10:15 - 2016-11-05 10:20 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-05 10:15 - 2016-11-05 10:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-05 10:05 - 2016-11-05 10:05 - 00000000 ____D C:\Users\Frank\AppData\Local\MFAData
2016-11-05 10:01 - 2016-11-05 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-11-05 10:00 - 2016-11-05 10:01 - 00000000 ____D C:\Program Files (x86)\Deluge
2016-11-05 09:17 - 2016-11-05 09:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-11-05 09:15 - 2016-11-06 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-05 09:15 - 2016-11-06 10:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-05 05:20 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-11-05 05:20 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-11-05 05:20 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-11-05 05:20 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-11-05 05:17 - 2016-07-08 15:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-05 05:17 - 2016-07-08 15:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-05 05:17 - 2016-03-06 18:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-11-05 05:17 - 2016-03-06 18:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-11-05 05:17 - 2016-03-06 18:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-11-05 05:17 - 2016-03-06 18:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-11-05 05:16 - 2016-06-26 00:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-11-05 05:16 - 2016-06-26 00:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-05 05:16 - 2016-06-26 00:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-11-05 05:16 - 2016-06-26 00:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-11-05 05:16 - 2016-06-26 00:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-11-05 05:16 - 2016-06-25 19:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-05 05:16 - 2016-06-25 19:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-11-05 05:16 - 2016-06-25 19:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-11-05 05:16 - 2016-06-25 19:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-11-05 05:16 - 2016-06-25 19:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-11-05 05:16 - 2016-03-17 22:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-05 05:16 - 2016-03-17 22:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-05 05:15 - 2016-07-08 15:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-05 05:15 - 2016-07-08 15:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-05 05:15 - 2016-07-08 15:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-05 05:15 - 2016-07-08 15:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-05 05:15 - 2016-07-08 15:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-05 05:15 - 2016-07-08 15:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-05 05:15 - 2016-07-08 15:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-05 05:15 - 2016-07-08 15:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-05 05:15 - 2016-07-08 14:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-05 05:15 - 2016-07-08 14:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-05 05:15 - 2016-07-08 14:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-05 05:15 - 2016-07-08 14:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-05 05:15 - 2016-07-08 14:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-05 05:15 - 2016-07-08 14:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-05 05:15 - 2016-05-12 14:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-05 05:15 - 2016-05-12 14:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-05 05:15 - 2016-05-12 14:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-05 05:15 - 2016-05-12 13:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-11-05 05:15 - 2016-05-12 13:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-11-05 05:15 - 2016-05-12 13:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-11-05 05:15 - 2016-04-09 07:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-11-05 05:15 - 2016-04-09 07:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-11-05 05:15 - 2016-04-09 06:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-11-05 05:15 - 2016-02-05 18:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-11-05 05:15 - 2016-02-05 18:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-11-05 05:15 - 2016-02-05 17:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-11-05 05:15 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-11-05 05:15 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-11-05 05:15 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-11-05 05:15 - 2015-06-03 20:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-11-05 05:14 - 2016-04-09 07:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-05 05:14 - 2016-04-09 07:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-05 05:14 - 2016-04-09 07:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-05 05:14 - 2016-04-09 06:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-05 05:14 - 2016-04-09 06:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-05 05:14 - 2016-04-09 06:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-05 05:14 - 2016-04-09 06:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 06:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 05:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-05 05:14 - 2016-04-09 05:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-05 05:14 - 2016-04-09 05:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-05 05:14 - 2016-04-09 05:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-05 05:14 - 2016-04-09 05:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-05 05:14 - 2016-04-09 05:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-05 05:14 - 2016-04-09 05:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-05 05:14 - 2016-04-09 05:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-05 05:14 - 2016-04-09 05:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-05 05:14 - 2016-04-09 05:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-05 05:14 - 2016-04-09 05:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 05:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 05:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-05 05:14 - 2016-04-09 05:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-05 05:13 - 2016-05-13 22:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-05 05:13 - 2016-05-13 22:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-05 05:13 - 2016-05-13 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-05 05:13 - 2016-05-13 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-05 05:13 - 2016-05-13 22:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-05 05:13 - 2016-05-13 21:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-05 05:13 - 2016-05-13 21:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-05 05:13 - 2016-05-13 21:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-05 05:13 - 2016-05-13 21:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-05 05:13 - 2016-05-13 21:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-05 05:13 - 2016-04-14 16:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-11-05 05:13 - 2016-04-14 16:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-11-05 05:13 - 2016-04-14 16:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-11-05 05:13 - 2016-04-14 16:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-11-05 05:13 - 2016-04-14 16:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-11-05 05:13 - 2016-04-14 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-11-05 05:13 - 2016-04-14 15:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-11-05 05:13 - 2016-04-14 15:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-11-05 05:13 - 2016-04-14 15:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-11-05 05:13 - 2016-04-14 15:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-11-05 05:13 - 2016-04-14 15:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-11-05 05:13 - 2016-04-14 15:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-11-05 05:13 - 2016-04-09 04:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-11-05 05:13 - 2016-04-09 03:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-11-05 05:13 - 2015-07-30 18:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-11-05 05:13 - 2015-07-30 17:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-11-05 05:13 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-11-05 05:12 - 2016-05-12 17:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-11-05 05:12 - 2016-05-12 17:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-11-05 05:12 - 2016-05-12 17:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-11-05 05:12 - 2016-05-12 17:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-11-05 05:12 - 2016-05-12 17:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-11-05 05:12 - 2016-05-12 17:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-11-05 05:12 - 2016-05-12 15:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-11-05 05:12 - 2016-05-12 15:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-11-05 05:12 - 2016-05-12 15:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-11-05 05:12 - 2016-05-12 15:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-11-05 05:12 - 2016-05-11 17:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-11-05 05:12 - 2016-05-11 17:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-11-05 05:12 - 2016-05-11 17:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-11-05 05:12 - 2016-05-11 17:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-11-05 05:12 - 2016-05-11 15:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-11-05 05:12 - 2016-05-11 15:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-11-05 05:12 - 2016-05-11 15:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-11-05 05:12 - 2016-05-11 15:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-11-05 05:12 - 2016-05-11 15:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-11-05 05:12 - 2016-05-11 15:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-11-05 05:12 - 2016-05-11 14:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-11-05 05:12 - 2016-04-14 13:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-11-05 05:12 - 2016-04-14 13:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-11-05 05:12 - 2015-12-08 21:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-11-05 05:12 - 2015-12-08 19:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-11-05 05:12 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-11-05 05:11 - 2016-07-08 15:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-05 05:11 - 2016-05-18 16:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-11-05 05:11 - 2016-05-18 16:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-11-05 05:11 - 2016-04-06 15:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-11-05 05:11 - 2016-03-16 18:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-11-05 05:11 - 2016-03-16 18:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-11-05 05:11 - 2016-03-16 18:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-11-05 05:11 - 2016-03-09 19:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-11-05 05:11 - 2016-03-09 18:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-11-05 05:11 - 2016-03-09 18:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-11-05 05:11 - 2016-03-09 18:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-11-05 05:11 - 2015-02-04 03:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-11-05 05:11 - 2015-02-04 02:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-11-05 05:10 - 2016-02-02 18:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-11-05 05:10 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-11-05 05:10 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2016-11-05 05:10 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2016-11-05 05:08 - 2015-05-25 18:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-11-05 05:08 - 2015-05-25 18:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-11-05 05:08 - 2015-05-25 18:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-11-05 05:08 - 2015-05-25 18:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-11-05 05:08 - 2015-05-25 18:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-11-05 05:08 - 2015-05-25 18:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-11-05 05:08 - 2015-05-25 18:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-11-05 05:08 - 2015-05-25 18:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-11-05 05:08 - 2015-05-25 18:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-11-05 05:08 - 2015-05-25 18:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-11-05 05:08 - 2015-05-25 18:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-11-05 05:08 - 2015-05-25 18:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-11-05 05:07 - 2016-01-21 00:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-11-05 05:07 - 2015-11-19 14:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-11-05 05:07 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-11-05 05:07 - 2014-08-01 11:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-11-05 05:07 - 2014-08-01 11:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2016-11-05 05:06 - 2015-08-27 18:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-11-05 05:06 - 2015-08-27 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-11-05 05:06 - 2015-08-27 17:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-11-05 05:06 - 2015-08-27 17:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-11-05 05:06 - 2015-07-09 17:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-11-05 05:06 - 2015-07-09 17:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-11-05 05:06 - 2015-07-09 17:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-11-05 05:06 - 2015-07-09 17:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-11-05 05:06 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-11-05 05:05 - 2015-01-29 03:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-11-05 05:05 - 2015-01-29 03:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-11-05 05:05 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-11-05 05:05 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-11-05 05:05 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-11-05 05:05 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-11-05 05:05 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-11-05 05:05 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-05 05:05 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-11-05 05:05 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-11-05 05:05 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-11-05 05:05 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-11-05 05:05 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2016-11-05 05:05 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2016-11-05 05:05 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2016-11-05 05:05 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2016-11-05 05:05 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2016-11-05 05:05 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2016-11-05 05:05 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2016-11-05 05:05 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2016-11-05 05:05 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2016-11-05 05:05 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2016-11-05 05:05 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2016-11-05 05:05 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2016-11-05 05:05 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2016-11-05 05:04 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2016-11-05 05:04 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2016-11-05 05:04 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2016-11-05 05:04 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2016-11-05 05:04 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2016-11-05 05:04 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2016-11-05 05:04 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2016-11-05 05:04 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2016-11-05 05:04 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2016-11-05 05:04 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2016-11-05 05:04 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2016-11-05 05:04 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2016-11-05 05:04 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2016-11-05 05:04 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2016-11-05 05:04 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2016-11-05 05:04 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2016-11-05 05:04 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2016-11-05 05:04 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2016-11-05 04:55 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2016-11-05 04:53 - 2016-01-11 19:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-11-05 04:52 - 2015-04-27 19:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-05 04:52 - 2015-04-27 19:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-05 04:52 - 2015-04-27 19:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-05 04:52 - 2015-04-27 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-05 04:52 - 2015-04-27 19:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-05 04:52 - 2015-04-27 19:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-05 04:52 - 2015-04-27 19:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-05 04:52 - 2015-04-27 19:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-04 22:14 - 2016-03-16 00:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-11-04 22:14 - 2016-03-16 00:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-11-04 22:14 - 2016-03-15 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-11-04 22:13 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-11-04 22:13 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-11-04 22:13 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-11-04 22:13 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-11-04 22:13 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-11-04 22:13 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-11-04 22:13 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-11-04 22:12 - 2015-07-23 00:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-04 22:12 - 2015-07-23 00:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-11-04 22:12 - 2015-07-22 17:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-11-04 22:12 - 2015-07-22 16:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-04 22:07 - 2016-11-04 22:08 - 01631928 _____ (Malwarebytes) C:\Users\Frank\Desktop\JRT.exe
2016-11-04 22:07 - 2015-04-11 03:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-11-04 22:07 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-11-04 22:07 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-11-04 22:07 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2016-11-04 22:07 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2016-11-04 22:07 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2016-11-04 22:04 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-11-04 22:04 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2016-11-04 21:43 - 2016-11-04 21:43 - 03910208 _____ C:\Users\Frank\Desktop\AdwCleaner.exe
2016-11-04 09:00 - 2016-11-04 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-31 20:40 - 2016-10-31 20:40 - 00004281 _____ C:\Users\Frank\Documents\personality disorders.txt
2016-10-27 13:06 - 2016-10-27 13:06 - 00000000 ____D C:\Users\Frank\Documents\Adobe
2016-10-27 12:55 - 2016-10-27 12:55 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro.lnk
2016-10-27 12:53 - 2003-08-11 09:13 - 00344064 ____R (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2016-10-27 12:53 - 2003-08-11 09:07 - 00014604 _____ (Padus, Inc.) C:\Windows\SysWOW64\Drivers\pfc.sys
2016-10-27 00:40 - 2016-10-27 00:40 - 00000000 ____D C:\Users\Frank\Tracing
2016-10-27 00:39 - 2016-10-28 06:44 - 00000000 ____D C:\Users\Frank\AppData\Local\SkypePlugin
2016-10-27 00:25 - 2016-10-12 19:34 - 00000967 _____ C:\Users\Frank\Documents\pw2016.txt
2016-10-24 12:23 - 2016-10-14 14:16 - 00000708 _____ C:\Users\Frank\Documents\pw2016.rar
2016-10-24 12:22 - 2016-05-22 15:19 - 00000203 _____ C:\Users\Frank\Documents\clint.txt
2016-10-14 06:52 - 2016-09-15 09:17 - 00000000 ____D C:\Users\Frank\Documents\Docs wrapped
2016-10-14 06:00 - 2016-10-14 06:00 - 00000000 ___SD C:\Users\Frank\AppData\LocalLow\Temp
2016-10-13 13:32 - 2016-10-13 14:53 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Audacity
2016-10-13 13:32 - 2016-10-13 13:32 - 00000000 ____D C:\Users\Frank\AppData\Local\Audacity
2016-10-08 06:21 - 2016-10-08 06:18 - 00100964 _____ C:\Users\Frank\Documents\bkmks.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 10:52 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-06 10:52 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-06 10:42 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-06 10:38 - 2012-09-10 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-06 10:07 - 2016-03-20 06:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-06 07:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-11-06 06:56 - 2009-07-14 05:13 - 00006490 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-06 00:21 - 2016-03-19 14:08 - 00000000 ____D C:\Users\Frank\AppData\Roaming\vlc
2016-11-05 22:15 - 2012-08-21 19:00 - 00001417 _____ C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-05 22:12 - 2007-07-12 01:49 - 00000000 ____D C:\Windows\Panther
2016-11-05 22:10 - 2009-07-14 04:45 - 04823768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-05 22:08 - 2013-06-15 18:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-05 22:08 - 2013-06-15 18:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-05 21:12 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-11-05 21:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-11-05 21:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2016-11-05 21:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-05 21:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism
2016-11-05 21:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-11-05 19:12 - 2016-04-25 05:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2016-11-05 15:23 - 2011-10-19 16:15 - 00000000 ____D C:\ProgramData\Skype
2016-11-05 15:21 - 2013-06-15 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-05 15:07 - 2016-03-20 06:25 - 00000000 ____D C:\Progs
2016-11-05 14:20 - 2016-03-22 06:25 - 00000000 ____D C:\Windows\system32\MRT
2016-11-05 13:31 - 2016-03-22 06:24 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-05 11:33 - 2016-03-19 13:04 - 00000000 ____D C:\ProgramData\Avg
2016-11-05 11:33 - 2012-09-07 21:40 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-11-05 11:33 - 2012-08-25 17:24 - 00000000 ____D C:\Program Files (x86)\AVG
2016-11-05 11:32 - 2016-06-09 12:51 - 00000000 ____D C:\Users\Frank\AppData\Local\AvgSetupLog
2016-11-05 11:16 - 2012-08-23 22:18 - 00000000 ____D C:\ProgramData\MFAData
2016-11-05 07:35 - 2015-08-24 10:51 - 00000000 ____D C:\Users\Frank\Documents\New folder
2016-11-04 21:51 - 2012-08-25 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-04 21:48 - 2016-03-21 22:08 - 00000000 ____D C:\AdwCleaner
2016-11-04 20:25 - 2016-03-21 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-03 09:54 - 2011-12-25 20:49 - 00000000 ____D C:\Users\Frank\Documents\Self Help
2016-11-02 09:28 - 2016-05-09 15:30 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MPC-HC
2016-10-31 04:51 - 2016-03-19 21:48 - 00000000 ____D C:\Users\Frank\AppData\Local\Avg
2016-10-27 14:12 - 2012-08-25 18:48 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Skype
2016-10-27 13:06 - 2012-08-21 19:05 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Adobe
2016-10-27 12:53 - 2011-10-19 17:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-27 12:53 - 2011-10-19 15:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-27 00:40 - 2012-08-22 06:57 - 00000000 ____D C:\Users\Frank
2016-10-26 21:38 - 2012-09-10 22:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-26 21:38 - 2012-09-10 22:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 21:38 - 2011-10-19 17:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-26 21:38 - 2011-10-19 17:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-26 21:38 - 2011-10-19 17:04 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-24 12:48 - 2016-09-15 10:21 - 00000000 ____D C:\Users\Frank\Documents\Travel
2016-10-13 13:32 - 2016-03-20 07:25 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-10-13 13:30 - 2016-03-20 07:28 - 00000000 ____D C:\Users\Frank\AppData\Roaming\WinFF
2016-10-12 08:39 - 2016-03-20 06:37 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-12 06:57 - 2016-04-11 01:23 - 00000000 ____D C:\ProgramData\Soulseek

==================== Files in the root of some directories =======

2016-03-26 14:07 - 2016-03-26 14:08 - 0008704 ___SH () C:\Users\Frank\AppData\Roaming\Thumbs.db
2015-05-31 17:36 - 2015-05-31 17:36 - 0033134 _____ () C:\Users\Frank\AppData\Roaming\UserTile.png

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-17 22:28

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Frank (06-11-2016 11:06:26)
Running from C:\Users\Frank\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-22 06:57:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1637433389-394192189-160962988-500 - Administrator - Disabled)
Frank (S-1-5-21-1637433389-394192189-160962988-1001 - Administrator - Enabled) => C:\Users\Frank
Guest (S-1-5-21-1637433389-394192189-160962988-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1637433389-394192189-160962988-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Premiere Pro (HKLM-x32\...\{084709F7-38C5-4609-B55F-2417939315EB}) (Version: 7.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVG 2012 (Version: 12.1.2250 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{772ed258-65d1-4d57-ac70-7087049d1576}) (Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version:  - )
DjVu Viewer (HKLM-x32\...\{3A959BCB-643A-462F-A692-5B7FE4CE35AC}_is1) (Version:  - djvuviewer.com)
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mixxx 1.11.0 (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
Mozilla Firefox 49.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-GB)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MPC-HC 1.7.6 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype Web Plugin (HKLM-x32\...\{AC7406B6-BB3B-4CD1-AEBA-0527B9CB16FE}) (Version: 7.27.0.105 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Tradewinds Legends (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinFF 1.5.4 (Codename EMMA) (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1637433389-394192189-160962988-1001_Classes\CLSID\{58743271-597A-401B-AF4A-1450179151C0}\InprocServer32 -> C:\Users\Frank\AppData\Local\SkypePlugin\7.27.0.105\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1637433389-394192189-160962988-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Frank\AppData\Local\SkypePlugin\7.27.0.105\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1637433389-394192189-160962988-1001_Classes\CLSID\{D0FC4B60-C60D-4908-8365-0C64C03E0291}\localserver32 -> C:\Users\Frank\AppData\Local\SkypePlugin\7.27.0.105\GatewayVersion-x64.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D74E9F7-841C-4A4A-A8B0-55698FA17D4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {2E5086CD-B74B-4CC7-9295-99E4171561A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {38BFBD9D-C485-4DED-B04A-95880C62125E} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {476C0022-A114-4885-86F9-F927AFF8AB5C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {90C21936-A901-48C0-911C-ABC8D2DC8ED3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1637433389-394192189-160962988-1001
Task: {B4CA2FED-6DE4-4290-ADAD-FB5220FC7409} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-01-21 15:45 - 2009-01-21 15:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-04-22 18:09 - 2010-04-30 12:56 - 00001798 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
127.0.0.1                activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1637433389-394192189-160962988-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BDA55964-E36B-4D3E-A150-EB9447CB71E1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A0EB5225-ECA4-4E72-A807-B2A0D720DE0C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E4ABE5FA-29D3-48E4-A4ED-BB4088B229FD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C54E2A1-EA53-4886-BBF9-C63846423A8E}] => (Allow) LPort=2869
FirewallRules: [{DED78336-AC18-4590-83FA-38F20C7C19DD}] => (Allow) LPort=1900
FirewallRules: [{7772C5B9-AA06-4179-9156-1E0F36114D51}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7B30285B-703D-4FE5-B257-DCE8F373B87A}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{8A6734F7-220D-4C62-808B-5B97571689CC}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
FirewallRules: [{65F332E7-19CF-49AD-A1BC-B340C4705750}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{8271084C-49D9-48B4-92A5-29C40FE71E92}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{FBA78FB6-4BAC-4700-B31C-A703A2AF69DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{784F5ED0-626F-4E1F-9322-4F452BDD90D0}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{2B85A8E9-66F6-437D-92ED-16698A2D718B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{36FED8C1-52BB-4162-9843-30F6A09A1BC3}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{8D9FEF95-0366-47C9-AA3D-6F602BD3DC81}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{E059D5C1-BD45-4A82-A23E-9EC946B8F491}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{B3106EBD-C4DE-4138-9D02-DDAD6F69D8AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{701A12C6-0FD9-443D-8DE1-73E20439A60C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{8CD1A2D5-D95F-45A7-AD7F-65B4D6317CA7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{13EF2A1F-55FF-4355-B2B6-2B1B5CC6D315}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{2C3998B0-D631-4852-845D-F42E53070AE2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{70F6EC53-DF44-4ECD-85EF-3A04666C7403}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{058094AB-630F-443D-8F95-7563D2DF814D}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{52A8ADCC-6ECB-40D6-80DD-D7BBBE59798A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8721ECB9-2094-48C8-A852-28D3DEC92A4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD2365CA-46B9-442A-BC71-9690325888D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4CBBAD33-484B-4837-91BB-DE0ED907EDBF}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{204B451D-32C5-4030-9B37-59BD3EF28D67}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{544841E3-3FD6-4319-8BFA-6FD9D41A837E}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{C07F1F58-99F8-44E9-9C92-8E1A5D460622}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [{35C76EAC-118C-433F-AD13-C4814FFA6EA5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B0D63B15-AD81-496D-B4E5-FDEC29447D8B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{E96126CA-E8B8-4957-95E8-EFC679EF7CF6}C:\users\frank\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\frank\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{1857ADAF-889A-4AAD-A70D-DAA2678ACAAD}C:\users\frank\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\frank\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{9C695AE1-F7CD-4F5C-B79E-209DC02B67EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

06-10-2016 04:10:43 Removed VirtualDJ 8
27-10-2016 12:52:37 Installed Adobe Premiere Pro
04-11-2016 22:10:07 JRT Pre-Junkware Removal
05-11-2016 10:05:30 Removed AVG
05-11-2016 10:12:13 Removed AVG 2016
05-11-2016 12:01:45 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2016 10:43:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/06/2016 06:56:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/06/2016 06:56:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2016 10:20:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2016 10:20:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2016 10:14:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (11/05/2016 10:10:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2016 09:14:12 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile WsatConfig, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil because of the following error: The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020).

Error: (11/05/2016 09:14:12 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile WindowsFormsIntegration, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil because of the following error: The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020).

Error: (11/05/2016 09:14:11 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile WindowsBase, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil because of the following error: The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020).


System errors:
=============
Error: (11/06/2016 10:44:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client Virtualization Handler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/06/2016 10:44:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.

Error: (11/06/2016 10:43:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/06/2016 10:40:27 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (11/05/2016 10:10:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/05/2016 10:10:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/05/2016 10:10:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/05/2016 09:16:47 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (11/05/2016 09:04:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (11/05/2016 11:18:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


==================== Memory info ===========================

Processor: AMD C-60 APU with Radeon™ HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 1770.9 MB
Available physical RAM: 717.58 MB
Total Virtual: 3541.8 MB
Available Virtual: 1777.08 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:105.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 86DE2CAA)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:55 AM

Posted 10 November 2016 - 08:03 PM

Greetings pacha34 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted. While I am doing that please run this.

===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:55 AM

Posted 10 November 2016 - 08:17 PM

Greetings,

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Adobe Photoshop 7.0 and Adobe Premiere Pro and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:55 AM

Posted 13 November 2016 - 10:16 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:55 AM

Posted 15 November 2016 - 10:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users