Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suddenly Getting Permissions Errors


  • This topic is locked This topic is locked
3 replies to this topic

#1 nchorseman

nchorseman

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 18 July 2017 - 09:58 AM

For about 2 weeks, I have been receiving messages like this:

 

"Windows cannot access the specified device, path, or file.  You may not have the appropriate permissions to access the item."

I am receiving these errors for several Lenovo System Update executables.

 

Also, receiving a great deal of these concerning Adobe Reader.  I uninstalled Reader and all things Adobe, cleaned up everything Adobe on system and registry and now am unable to reinstall it.  I am told there is an install already in progress. 

 

I have known that a drive is having problems but have not been able to address it.  With these current issues, I need to know if my issue is the hard drive or if something else is going on.  I have always taken a great deal of care and as a result, have never been infected (before). 

 

I am using Vipre Internet Security 2016 software version 9.3.4.3, definitions version 59624.

 

Any assistance is appreciated.

 

Here is the FRST.txt.

--------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by atbs (administrator) on ATBST450 (18-07-2017 10:13:06)
Running from C:\Users\atbs\Documents\My Software\Malware Cleaner
Loaded Profiles: atbs (Available Profiles: atbs & Randolph & Administrator & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(International Business Machines) C:\Program Files (x86)\IBM\HTTPServer\bin\httpd.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(International Business Machines) C:\Program Files (x86)\IBM\HTTPServer\bin\httpd.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lenovo\System Update\tvsu.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Users\atbs\AppData\Local\Apps\2.0\ZD83EEJT.BRQ\0VY9CEB3.1D8\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2016-12-27] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3015696 2016-02-29] (ThreatTrack Security Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [766464 2016-02-29] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [15872 2013-11-09] (IBM Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178912 2016-05-25] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77256 2016-10-05] (Quicken Inc.)
Startup: C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{104dff14-5349-4aca-8f8b-597d9e91acb0}: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{527c52ff-f491-4747-9b92-dbc9f1e770c4}: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{a3b2af97-7408-4b96-b6bc-9ab24b6da1ed}: [NameServer] 192.168.0.140,216.237.221.42

Internet Explorer:
==================
HKU\S-1-5-21-726195798-3845404459-4074307453-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/advanced_search?hl=en
HKU\S-1-5-21-726195798-3845404459-4074307453-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-726195798-3845404459-4074307453-1001 -> DefaultScope {A290A5EA-1589-47BC-B63B-32471B3E4BD1} URL =
SearchScopes: HKU\S-1-5-21-726195798-3845404459-4074307453-1001 -> {A290A5EA-1589-47BC-B63B-32471B3E4BD1} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKU\S-1-5-21-726195798-3845404459-4074307453-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-31.4.0-44/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 4w652u1t.default
FF ProfilePath: C:\Users\atbs\AppData\Roaming\Mozilla\Firefox\Profiles\4w652u1t.default [2017-07-18]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\4w652u1t.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\4w652u1t.default -> hxxps://www.google.com/advanced_search
FF Extension: (Weather) - C:\Users\atbs\AppData\Roaming\Mozilla\Firefox\Profiles\4w652u1t.default\Extensions\@Weather.xpi [2017-06-06]
FF Extension: (Cisco WebEx Extension) - C:\Users\atbs\AppData\Roaming\Mozilla\Firefox\Profiles\4w652u1t.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-07-14]
FF Extension: (New Tab Homepage) - C:\Users\atbs\AppData\Roaming\Mozilla\Firefox\Profiles\4w652u1t.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-03-15]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2016-06-09] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\atbs\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-04-06] (Cisco WebEx LLC)

Chrome:
=======
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\default_apps\search.crx [2016-02-08]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\48.0.2564.109\default_apps\search.crx [2016-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2016-12-23] (Lenovo)
S3 Cwbrxd; C:\WINDOWS\cwbrxd.exe [106496 2013-11-09] (IBM Corporation) [File not signed]
S3 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-18] (Condusiv Technologies)
R2 ftpsvc; C:\WINDOWS\system32\inetsrv\ftpsvc.dll [379392 2017-06-08] (Microsoft Corporation)
R2 IBMHTTPServerV8.5; C:\Program Files (x86)\IBM\HTTPServer\bin\httpd.exe [28729 2013-02-20] (International Business Machines) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382432 2017-01-11] (Intel Corporation)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [17408 2017-06-08] (Microsoft Corporation)
S3 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S3 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-05-25] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2017-06-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [524776 2017-06-14] (LogMeIn, Inc.)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (Lenovo)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2006-07-12] (Microsoft Corporation) [File not signed]
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [317224 2014-12-05] (Lenovo Group Limited)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6602192 2016-02-29] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-02-29] (ThreatTrack Security Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-05-09] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263288 2016-07-25] (Synaptics Incorporated)
R3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [6816744 2015-10-16] (ThreatTrack Security Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S3 WMSVC; C:\WINDOWS\system32\inetsrv\wmsvc.exe [12288 2017-06-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d62x64.sys [519680 2015-12-08] (Intel Corporation)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25840 2013-11-18] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117488 2013-11-18] (Condusiv Technologies)
R3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel Corporation)
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
U5 LVRS64; C:\Windows\System32\Drivers\LVRS64.sys [351520 2012-10-26] (Logitech Inc.)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41176 2014-10-31] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7621376 2017-03-18] (Intel Corporation)
S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-04-07] (Realsil Semiconductor Corporation)
R2 sbapifs; C:\WINDOWS\System32\DRIVERS\sbapifs.sys [89000 2016-02-29] (ThreatTrack Security Inc.)
R3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [63696 2015-09-29] (ThreatTrack Security)
R1 sbwfw; C:\WINDOWS\system32\DRIVERS\sbwfw.sys [345520 2016-02-29] (ThreatTrack Security)
R3 sbwtis; C:\WINDOWS\System32\DRIVERS\sbwtis.sys [95608 2015-09-29] (ThreatTrack Security)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72312 2016-07-25] (Synaptics Incorporated)
S3 vl810filter; C:\WINDOWS\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-02-29] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 WebExaminer; C:\WINDOWS\system32\Drivers\WebExaminer64.sys [44696 2015-10-16] (ThreatTrack Security Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 10:12 - 2017-07-18 10:13 - 00000000 ____D C:\FRST
2017-07-18 06:08 - 2017-07-18 06:08 - 00000000 ___SH C:\DkHyperbootSync
2017-07-17 21:52 - 2017-07-17 21:52 - 00002422 _____ C:\Users\Randolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-17 21:52 - 2017-07-17 21:52 - 00001124 _____ C:\Users\Randolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-07-17 21:52 - 2017-07-17 21:52 - 00000000 ___RD C:\Users\Randolph\OneDrive
2017-07-17 21:29 - 2017-07-17 21:29 - 00000000 ____D C:\Users\Randolph\AppData\Local\Aviata
2017-07-17 21:28 - 2017-07-17 21:28 - 00000000 ____D C:\Users\Randolph\AppData\Local\Comms
2017-07-17 21:27 - 2017-07-17 21:52 - 00000000 ____D C:\Users\Randolph\AppData\Local\ClassicShell
2017-07-17 21:27 - 2017-07-17 21:27 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\ClassicShell
2017-07-17 21:26 - 2017-07-17 21:26 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\VIPRE
2017-07-17 21:26 - 2017-07-17 21:26 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\ICAClient
2017-07-17 21:26 - 2017-07-17 21:26 - 00000000 ____D C:\Users\Randolph\AppData\Local\LogMeIn
2017-07-17 21:26 - 2017-07-17 21:26 - 00000000 ____D C:\Users\Randolph\AppData\Local\Citrix
2017-07-17 21:25 - 2017-07-17 21:25 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\ISIS Drivers
2017-07-17 21:25 - 2017-07-17 21:25 - 00000000 ____D C:\Users\Randolph\AppData\Local\Publishers
2017-07-17 21:24 - 2017-07-17 21:53 - 00000000 ____D C:\Users\Randolph\AppData\Local\Packages
2017-07-17 21:24 - 2017-07-17 21:24 - 00000000 __SHD C:\Users\Randolph\IntelGraphicsProfiles
2017-07-17 21:24 - 2017-07-17 21:24 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\Intel
2017-07-17 21:24 - 2017-07-17 21:24 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\Adobe
2017-07-17 21:24 - 2017-07-17 21:24 - 00000000 ____D C:\Users\Randolph\AppData\Local\VirtualStore
2017-07-17 21:24 - 2017-07-17 21:24 - 00000000 ____D C:\Users\Randolph\AppData\Local\ConnectedDevicesPlatform
2017-07-17 21:23 - 2017-07-17 21:54 - 00000000 ____D C:\Users\Randolph
2017-07-17 21:23 - 2017-07-17 21:23 - 00000020 ___SH C:\Users\Randolph\ntuser.ini
2017-07-17 21:23 - 2017-07-17 21:23 - 00000000 ____D C:\Users\Randolph\AppData\Local\TileDataLayer
2017-07-17 21:23 - 2017-06-20 19:09 - 00000000 ____D C:\Users\Randolph\Documents\Visual Studio 2008
2017-07-17 21:23 - 2017-06-20 19:09 - 00000000 ____D C:\Users\Randolph\AppData\Local\Microsoft Help
2017-07-17 21:23 - 2017-05-30 13:51 - 00000000 ____D C:\Users\Randolph\AppData\Local\Lenovo
2017-07-17 21:23 - 2016-09-29 04:37 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\Sun
2017-07-17 21:23 - 2016-09-29 04:37 - 00000000 ____D C:\Users\Randolph\AppData\Roaming\Media Center Programs
2017-07-17 21:23 - 2016-01-12 17:56 - 00002111 _____ C:\Users\Randolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-07-17 15:15 - 2017-07-18 09:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-17 15:15 - 2017-07-17 15:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2017-07-17 14:55 - 2017-07-17 14:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comms
2017-07-17 14:46 - 2017-07-17 14:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-07-17 14:44 - 2017-07-17 15:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\ClassicShell
2017-07-17 14:44 - 2017-07-17 14:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2017-07-17 14:40 - 2017-07-17 14:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ICAClient
2017-07-17 14:40 - 2017-07-17 14:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix
2017-07-17 14:39 - 2017-07-17 14:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ISIS Drivers
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-07-12 11:44 - 2017-07-07 03:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 11:44 - 2017-07-07 03:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 11:44 - 2017-07-07 03:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 11:44 - 2017-07-07 03:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 11:44 - 2017-07-07 03:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 11:44 - 2017-07-07 03:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 11:44 - 2017-07-07 03:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 11:44 - 2017-07-07 02:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 11:44 - 2017-07-07 02:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 11:44 - 2017-07-07 02:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 11:44 - 2017-07-07 02:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 11:44 - 2017-07-07 02:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 11:44 - 2017-07-07 02:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 11:44 - 2017-07-07 02:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 11:44 - 2017-07-07 02:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 11:44 - 2017-07-07 02:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 11:44 - 2017-07-07 02:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 11:44 - 2017-07-07 02:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 11:44 - 2017-07-07 02:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 11:44 - 2017-07-07 02:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 11:44 - 2017-07-07 02:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 11:44 - 2017-07-07 02:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 11:44 - 2017-07-07 02:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 11:44 - 2017-07-07 02:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 11:44 - 2017-07-07 02:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 11:44 - 2017-07-07 02:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 11:44 - 2017-07-07 02:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 11:44 - 2017-07-07 02:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 11:44 - 2017-07-07 02:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 11:44 - 2017-07-07 02:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 11:44 - 2017-07-07 02:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 11:44 - 2017-07-07 02:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 11:44 - 2017-07-07 02:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 11:44 - 2017-07-07 02:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 11:44 - 2017-07-07 02:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 11:44 - 2017-07-07 02:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 11:44 - 2017-07-07 02:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 11:44 - 2017-07-07 02:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 11:44 - 2017-07-07 02:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 11:44 - 2017-07-07 02:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 11:44 - 2017-07-07 02:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 11:44 - 2017-07-07 02:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 11:44 - 2017-07-07 02:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 11:44 - 2017-07-07 02:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 11:44 - 2017-07-07 02:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 11:44 - 2017-07-07 02:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 11:44 - 2017-07-07 02:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 11:44 - 2017-07-07 02:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 11:44 - 2017-07-07 02:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 11:44 - 2017-07-07 02:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 11:44 - 2017-07-07 02:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 11:44 - 2017-07-07 02:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 11:44 - 2017-07-07 02:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 11:44 - 2017-07-07 02:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 11:44 - 2017-07-07 02:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 11:44 - 2017-07-07 02:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 11:44 - 2017-07-07 02:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 11:44 - 2017-07-07 02:03 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-07-12 11:44 - 2017-07-07 02:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 11:44 - 2017-07-07 02:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 11:44 - 2017-07-07 02:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 11:44 - 2017-07-07 02:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 11:44 - 2017-07-07 02:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 11:44 - 2017-07-07 02:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 11:44 - 2017-07-07 02:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 11:44 - 2017-07-07 02:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 11:44 - 2017-07-07 01:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 11:44 - 2017-07-07 01:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 11:44 - 2017-07-07 01:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 11:44 - 2017-07-07 01:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 11:44 - 2017-07-07 01:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 11:44 - 2017-07-07 01:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 11:44 - 2017-07-07 01:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 11:44 - 2017-07-07 01:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 11:44 - 2017-07-07 01:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 11:44 - 2017-07-07 01:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 11:44 - 2017-07-07 01:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 11:44 - 2017-07-07 01:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 11:44 - 2017-07-07 01:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 11:44 - 2017-06-20 02:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 11:44 - 2017-06-20 02:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 11:44 - 2017-06-20 02:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 11:44 - 2017-06-20 01:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 11:44 - 2017-06-20 01:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 11:44 - 2017-06-20 01:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 11:44 - 2017-06-20 01:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 11:44 - 2017-06-20 01:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 11:44 - 2017-06-20 01:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 11:44 - 2017-06-20 01:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 11:44 - 2017-06-20 01:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 11:44 - 2017-06-20 01:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 11:44 - 2017-06-20 01:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 11:44 - 2017-06-20 01:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 11:44 - 2017-06-20 01:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 11:44 - 2017-06-20 01:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 11:44 - 2017-06-20 01:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 11:44 - 2017-06-20 01:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 11:44 - 2017-06-20 01:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 11:44 - 2017-06-20 01:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 11:44 - 2017-06-20 01:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 11:44 - 2017-06-20 01:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 11:44 - 2017-06-20 01:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 11:44 - 2017-06-20 01:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 11:44 - 2017-06-20 01:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 11:44 - 2017-06-20 01:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 11:44 - 2017-06-20 01:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 11:44 - 2017-06-20 01:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 11:44 - 2017-06-20 01:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 11:44 - 2017-06-20 01:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 11:44 - 2017-06-20 01:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 11:44 - 2017-06-20 01:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 11:44 - 2017-06-20 01:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 11:44 - 2017-06-20 01:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 11:44 - 2017-06-20 01:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 11:44 - 2017-06-20 01:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 11:44 - 2017-06-20 01:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 11:44 - 2017-06-20 01:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 11:44 - 2017-06-20 01:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 11:44 - 2017-06-20 01:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 11:44 - 2017-06-20 01:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 11:44 - 2017-06-20 01:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 11:44 - 2017-06-20 01:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 11:44 - 2017-06-20 00:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 11:44 - 2017-06-20 00:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 11:44 - 2017-06-20 00:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 11:44 - 2017-06-20 00:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 11:44 - 2017-06-20 00:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 11:44 - 2017-06-20 00:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 11:44 - 2017-06-20 00:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 11:44 - 2017-06-20 00:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 11:44 - 2017-06-20 00:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 11:44 - 2017-06-20 00:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 11:44 - 2017-06-20 00:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 11:44 - 2017-06-20 00:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 11:44 - 2017-06-20 00:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 11:44 - 2017-06-20 00:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 11:44 - 2017-06-20 00:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 11:44 - 2017-06-20 00:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 11:44 - 2017-06-20 00:40 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-07-12 11:44 - 2017-06-20 00:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 11:44 - 2017-06-20 00:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 11:44 - 2017-06-20 00:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 11:44 - 2017-06-20 00:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 11:44 - 2017-06-20 00:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 11:44 - 2017-06-20 00:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 11:44 - 2017-06-20 00:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 11:44 - 2017-06-20 00:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 11:44 - 2017-06-20 00:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 11:44 - 2017-06-20 00:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 11:44 - 2017-06-20 00:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 11:44 - 2017-06-20 00:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 11:44 - 2017-06-20 00:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 11:44 - 2017-06-20 00:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 11:44 - 2017-06-20 00:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 11:44 - 2017-06-20 00:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 11:44 - 2017-06-20 00:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 11:44 - 2017-06-20 00:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 11:44 - 2017-06-20 00:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 11:44 - 2017-06-20 00:35 - 05141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-07-12 11:44 - 2017-06-20 00:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 11:44 - 2017-06-20 00:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 11:44 - 2017-06-20 00:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 11:44 - 2017-06-20 00:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 11:44 - 2017-06-20 00:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 11:44 - 2017-06-20 00:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 11:44 - 2017-06-20 00:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 11:44 - 2017-06-20 00:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 11:44 - 2017-06-20 00:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 11:44 - 2017-06-20 00:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 11:44 - 2017-06-20 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 11:44 - 2017-06-20 00:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 11:44 - 2017-06-20 00:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 11:43 - 2017-07-07 10:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 11:43 - 2017-07-07 03:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 11:43 - 2017-07-07 03:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 11:43 - 2017-07-07 03:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 11:43 - 2017-07-07 03:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 11:43 - 2017-07-07 03:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 11:43 - 2017-07-07 03:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 11:43 - 2017-07-07 03:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 11:43 - 2017-07-07 03:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 11:43 - 2017-07-07 03:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 11:43 - 2017-07-07 03:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 11:43 - 2017-07-07 03:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 11:43 - 2017-07-07 03:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 11:43 - 2017-07-07 03:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 11:43 - 2017-07-07 03:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 11:43 - 2017-07-07 03:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 11:43 - 2017-07-07 03:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 11:43 - 2017-07-07 03:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 11:43 - 2017-07-07 03:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 11:43 - 2017-07-07 03:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 11:43 - 2017-07-07 03:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 11:43 - 2017-07-07 03:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 11:43 - 2017-07-07 03:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 11:43 - 2017-07-07 03:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 11:43 - 2017-07-07 03:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 11:43 - 2017-07-07 03:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 11:43 - 2017-07-07 03:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 11:43 - 2017-07-07 03:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 11:43 - 2017-07-07 03:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 11:43 - 2017-07-07 03:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 11:43 - 2017-07-07 03:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 11:43 - 2017-07-07 03:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 11:43 - 2017-07-07 03:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 11:43 - 2017-07-07 03:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 11:43 - 2017-07-07 02:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 11:43 - 2017-07-07 02:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 11:43 - 2017-07-07 02:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 11:43 - 2017-07-07 02:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 11:43 - 2017-07-07 02:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 11:43 - 2017-07-07 02:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 11:43 - 2017-07-07 02:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 11:43 - 2017-07-07 02:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 11:43 - 2017-07-07 02:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 11:43 - 2017-07-07 02:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 11:43 - 2017-07-07 02:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 11:43 - 2017-07-07 02:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 11:43 - 2017-07-07 02:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 11:43 - 2017-07-07 02:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 11:43 - 2017-07-07 02:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 11:43 - 2017-07-07 02:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 11:43 - 2017-07-07 02:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 11:43 - 2017-07-07 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 11:43 - 2017-07-07 02:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 11:43 - 2017-07-07 02:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 11:43 - 2017-07-07 02:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 11:43 - 2017-07-07 02:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 11:43 - 2017-07-07 02:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 11:43 - 2017-07-07 02:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 11:43 - 2017-07-07 02:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 11:43 - 2017-07-07 02:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 11:43 - 2017-07-07 02:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 11:43 - 2017-07-07 02:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 11:43 - 2017-07-07 02:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 11:43 - 2017-07-07 02:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 11:43 - 2017-07-07 02:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 11:43 - 2017-07-07 02:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 11:43 - 2017-07-07 02:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 11:43 - 2017-07-07 02:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 11:43 - 2017-07-07 02:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 11:43 - 2017-07-07 02:15 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-07-12 11:43 - 2017-07-07 02:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 11:43 - 2017-07-07 02:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 11:43 - 2017-07-07 02:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 11:43 - 2017-07-07 02:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 11:43 - 2017-07-07 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 11:43 - 2017-07-07 02:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 11:43 - 2017-07-07 02:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 11:43 - 2017-07-07 02:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 11:43 - 2017-07-07 02:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 11:43 - 2017-07-07 02:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 11:43 - 2017-07-07 02:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 11:43 - 2017-07-07 02:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 11:43 - 2017-07-07 02:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 11:43 - 2017-07-07 02:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 11:43 - 2017-07-07 02:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 11:43 - 2017-07-07 02:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 11:43 - 2017-07-07 02:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 11:43 - 2017-07-07 02:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 11:43 - 2017-07-07 02:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 11:43 - 2017-07-07 02:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 11:43 - 2017-07-07 02:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 11:43 - 2017-07-07 02:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 11:43 - 2017-07-07 02:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 11:43 - 2017-07-07 02:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 11:43 - 2017-07-07 02:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 11:43 - 2017-07-07 02:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 11:43 - 2017-07-01 18:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 11:43 - 2017-06-20 02:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 11:43 - 2017-06-20 02:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 11:43 - 2017-06-20 02:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 11:43 - 2017-06-20 02:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 11:43 - 2017-06-20 02:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 11:43 - 2017-06-20 02:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 11:43 - 2017-06-20 02:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 11:43 - 2017-06-20 02:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 11:43 - 2017-06-20 02:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 11:43 - 2017-06-20 02:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 11:43 - 2017-06-20 02:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 11:43 - 2017-06-20 02:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 11:43 - 2017-06-20 02:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 11:43 - 2017-06-20 02:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 11:43 - 2017-06-20 02:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 11:43 - 2017-06-20 02:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 11:43 - 2017-06-20 02:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 11:43 - 2017-06-20 02:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 11:43 - 2017-06-20 02:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 11:43 - 2017-06-20 02:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 11:43 - 2017-06-20 02:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 11:43 - 2017-06-20 02:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 11:43 - 2017-06-20 01:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 11:43 - 2017-06-20 01:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 11:43 - 2017-06-20 01:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 11:43 - 2017-06-20 01:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 11:43 - 2017-06-20 01:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 11:43 - 2017-06-20 01:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 11:43 - 2017-06-20 01:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 11:43 - 2017-06-20 01:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 11:43 - 2017-06-20 01:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 11:43 - 2017-06-20 01:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 11:43 - 2017-06-20 01:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 11:43 - 2017-06-20 01:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 11:43 - 2017-06-20 01:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 11:43 - 2017-06-20 01:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 11:43 - 2017-06-20 01:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 11:43 - 2017-06-20 01:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 11:43 - 2017-06-20 01:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 11:43 - 2017-06-20 01:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 11:43 - 2017-06-20 01:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 11:43 - 2017-06-20 01:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 11:43 - 2017-06-20 01:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 11:43 - 2017-06-20 01:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 11:43 - 2017-06-20 01:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 11:43 - 2017-06-20 01:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 11:43 - 2017-06-20 01:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-12 11:43 - 2017-06-20 01:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 11:43 - 2017-06-20 01:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 11:43 - 2017-06-20 01:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 11:43 - 2017-06-20 01:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 11:43 - 2017-06-20 01:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 11:43 - 2017-06-20 01:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 11:43 - 2017-06-20 01:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-07-12 11:43 - 2017-06-20 01:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 11:43 - 2017-06-20 01:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 11:43 - 2017-06-20 01:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 11:43 - 2017-06-20 01:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 11:43 - 2017-06-20 01:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 11:43 - 2017-06-20 01:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 11:43 - 2017-06-20 01:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 11:43 - 2017-06-20 01:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 11:43 - 2017-06-20 01:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 11:43 - 2017-06-20 01:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 11:43 - 2017-06-20 01:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 11:43 - 2017-06-20 01:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 11:43 - 2017-06-20 01:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 11:43 - 2017-06-20 01:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 11:43 - 2017-06-20 01:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 11:43 - 2017-06-20 01:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 11:43 - 2017-06-20 01:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 11:43 - 2017-06-20 01:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 11:43 - 2017-06-20 01:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 11:43 - 2017-06-20 01:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 11:43 - 2017-06-20 01:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 11:43 - 2017-06-20 01:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 11:43 - 2017-06-20 00:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 11:43 - 2017-06-20 00:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 11:43 - 2017-06-20 00:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 11:43 - 2017-06-20 00:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 11:43 - 2017-06-20 00:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 11:43 - 2017-06-20 00:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 11:43 - 2017-06-20 00:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 11:43 - 2017-06-20 00:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 11:43 - 2017-06-20 00:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 11:42 - 2017-07-07 03:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 11:42 - 2017-07-07 03:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 11:42 - 2017-07-07 03:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 11:42 - 2017-07-07 03:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 11:42 - 2017-07-07 03:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 11:42 - 2017-07-07 03:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 11:42 - 2017-07-07 03:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 11:42 - 2017-07-07 02:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 11:42 - 2017-07-07 02:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 11:42 - 2017-07-07 02:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 11:42 - 2017-07-07 02:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 11:42 - 2017-07-07 02:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 11:42 - 2017-07-07 02:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 11:42 - 2017-07-07 02:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 11:42 - 2017-07-07 02:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 11:42 - 2017-07-07 02:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 11:42 - 2017-07-07 02:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 11:42 - 2017-07-07 02:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 11:42 - 2017-07-07 02:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 11:42 - 2017-07-07 02:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 11:42 - 2017-07-07 02:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 11:42 - 2017-06-20 02:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 11:42 - 2017-06-20 02:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 11:42 - 2017-06-20 02:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 11:42 - 2017-06-20 01:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 11:42 - 2017-06-20 01:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 11:42 - 2017-06-20 01:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 11:42 - 2017-06-20 01:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 11:42 - 2017-06-20 01:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 11:42 - 2017-06-20 01:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 11:42 - 2017-06-20 01:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 11:42 - 2017-06-20 01:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 11:42 - 2017-06-20 01:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 11:42 - 2017-06-20 01:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 11:42 - 2017-06-20 01:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 11:42 - 2017-06-20 01:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 11:42 - 2017-06-20 01:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 11:42 - 2017-06-20 01:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 11:42 - 2017-06-20 01:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 11:42 - 2017-06-20 01:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 11:42 - 2017-06-20 01:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 11:42 - 2017-06-20 01:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 11:42 - 2017-06-20 01:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 11:42 - 2017-06-20 01:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 11:42 - 2017-06-20 01:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 11:42 - 2017-06-20 01:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 11:42 - 2017-06-20 01:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 11:42 - 2017-06-20 01:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 11:42 - 2017-06-20 00:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 11:42 - 2017-06-20 00:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 11:42 - 2017-06-20 00:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-11 13:55 - 2017-07-11 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2017-07-11 13:55 - 2017-07-11 13:55 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2017-07-11 13:54 - 2017-05-04 07:11 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-07-11 13:54 - 2017-05-04 07:10 - 03677176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-07-11 13:54 - 2017-05-04 07:10 - 03506632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-07-11 13:54 - 2017-05-04 07:10 - 03205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-07-11 13:54 - 2017-05-04 07:10 - 01353272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-07-11 13:54 - 2017-05-04 07:10 - 00151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-07-11 13:54 - 2017-05-04 07:09 - 07172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-07-11 13:54 - 2017-05-04 07:09 - 02209792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-07-11 13:54 - 2017-05-04 07:09 - 00447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-07-11 13:54 - 2017-05-04 07:09 - 00378376 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-07-11 13:54 - 2017-05-04 07:09 - 00134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-07-11 13:54 - 2017-05-04 07:09 - 00084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-07-11 13:54 - 2017-05-04 07:08 - 07096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-07-11 13:54 - 2017-05-04 07:08 - 01133064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-07-11 13:54 - 2017-05-04 07:08 - 00122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-07-11 13:54 - 2017-05-04 07:07 - 05346984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-07-11 13:54 - 2017-05-04 03:29 - 12671647 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-07-10 12:09 - 2017-07-17 00:01 - 00000000 ____D C:\Users\atbs\AppData\Local\LogMeInIgnition
2017-07-10 12:05 - 2017-07-10 12:05 - 00002032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2017-07-10 12:05 - 2017-07-10 12:05 - 00000000 ____D C:\Users\atbs\AppData\Local\LogMeIn
2017-07-10 12:05 - 2017-07-10 12:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Ignition
2017-07-10 12:04 - 2017-07-18 01:31 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-07-10 12:04 - 2017-07-18 01:30 - 00000000 ____D C:\ProgramData\LogMeIn
2017-07-10 12:04 - 2017-07-10 12:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2017-07-10 12:04 - 2017-07-10 12:04 - 00001024 _____ C:\.rnd
2017-07-10 12:04 - 2017-06-14 10:50 - 00114688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2017-07-10 12:04 - 2017-06-14 10:50 - 00109024 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2017-07-10 12:04 - 2017-01-11 03:08 - 00030432 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIInfo.sys
2017-07-10 12:04 - 2017-01-10 11:04 - 00081088 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2017-07-10 12:04 - 2016-01-29 10:53 - 00035328 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2017-06-28 18:28 - 2017-06-28 18:28 - 00000000 ____D C:\Users\atbs\AppData\Local\Quicken_Inc
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\Users\atbs\AppData\Local\Quicken
2017-06-28 17:43 - 2017-06-28 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2017
2017-06-28 15:51 - 2017-06-28 15:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-726195798-3845404459-4074307453-1001
2017-06-25 22:21 - 2017-06-25 22:21 - 00000017 _____ C:\Users\atbs\AppData\Local\resmon.resmoncfg
2017-06-20 19:09 - 2017-06-20 19:09 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2017-06-20 19:09 - 2017-06-20 19:09 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-06-20 19:09 - 2017-06-20 19:09 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2017-06-20 19:09 - 2017-06-20 19:09 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-06-20 16:48 - 2017-06-20 16:49 - 00000000 ____D C:\Users\atbs\AppData\Local\Deployment
2017-06-20 16:39 - 2017-06-20 16:45 - 00000000 ____D C:\Users\atbs\AppData\Local\Temporary Projects
2017-06-20 16:31 - 2017-06-20 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-06-20 15:35 - 2017-06-20 19:09 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
2017-06-20 15:35 - 2017-06-20 16:39 - 00000000 ____D C:\Users\atbs\Documents\Visual Studio 2008
2017-06-20 15:35 - 2017-06-20 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2017-06-20 15:34 - 2017-06-20 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2017-06-20 15:34 - 2017-06-20 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
2017-06-20 15:34 - 2017-06-20 15:34 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2017-06-20 15:34 - 2017-06-20 15:34 - 00000000 ____D C:\Program Files\Microsoft SDKs
2017-06-20 13:18 - 2017-06-20 13:18 - 00000000 ____D C:\Users\atbs\.dnx
2017-06-19 19:14 - 2017-06-19 19:14 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2017-06-19 19:10 - 2017-06-19 19:10 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-06-19 19:09 - 2017-06-19 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2017-06-19 18:59 - 2017-06-19 18:59 - 00000000 ____D C:\Program Files (x86)\ShellDir
2017-06-19 18:51 - 2017-06-19 18:51 - 00000000 ____D C:\WINDOWS\symbols
2017-06-19 09:49 - 2017-06-19 09:49 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-18 23:07 - 2017-06-18 23:07 - 00000000 ____D C:\Users\atbs\AppData\Local\vsixinstaller
2017-06-18 19:35 - 2017-06-20 13:20 - 00000000 ____D C:\Users\atbs\Documents\Visual Studio 2015
2017-06-18 19:29 - 2017-06-18 19:29 - 00000000 ____D C:\Program Files (x86)\AppInsights
2017-06-18 19:24 - 2017-06-18 19:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-06-18 19:17 - 2017-06-20 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-06-18 19:17 - 2017-06-18 19:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-06-18 19:16 - 2017-06-18 19:16 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2017-06-18 19:15 - 2017-06-18 19:24 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-06-18 19:14 - 2017-06-18 19:14 - 00000000 ____D C:\ProgramData\Microsoft DNX
2017-06-18 19:14 - 2017-06-18 19:14 - 00000000 ____D C:\Program Files\Microsoft DNX
2017-06-18 19:04 - 2017-06-19 19:10 - 00000000 ____D C:\Program Files\IIS Express
2017-06-18 19:04 - 2017-06-19 19:10 - 00000000 ____D C:\Program Files (x86)\IIS Express
2017-06-18 19:03 - 2017-06-18 19:03 - 00000000 ____D C:\ProgramData\NuGet
2017-06-18 19:02 - 2017-06-18 19:02 - 00000000 ____D C:\Program Files\IIS
2017-06-18 19:02 - 2017-06-18 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2017-06-18 19:02 - 2017-06-18 19:02 - 00000000 ____D C:\Program Files (x86)\IIS
2017-06-18 19:01 - 2017-06-19 19:09 - 00001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2017-06-18 19:01 - 2017-06-18 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2017-06-18 19:00 - 2017-06-19 19:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-06-18 18:59 - 2017-06-18 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2017-06-18 18:57 - 2017-06-18 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2017-06-18 18:54 - 2017-06-19 18:54 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-06-18 18:54 - 2017-06-19 18:49 - 00001518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2017-06-18 18:51 - 2017-06-19 18:49 - 00000000 ____D C:\WINDOWS\system32\1033
2017-06-18 18:06 - 2017-06-18 18:06 - 00000000 ____D C:\Program Files (x86)\MSDERelA
2017-06-18 17:52 - 2017-06-18 17:52 - 00000000 ____D C:\Users\atbs\AppData\Local\ApplicationHistory

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 10:13 - 2016-06-06 14:47 - 00000000 ____D C:\Users\atbs\Documents\Outlook Files
2017-07-18 10:10 - 2016-12-22 00:51 - 00000000 ____D C:\Users\atbs\AppData\Local\ClassicShell
2017-07-18 09:57 - 2016-01-11 13:50 - 00000000 ____D C:\Users\atbs\Documents\My Software
2017-07-18 09:39 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 09:39 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 09:35 - 2016-11-22 12:39 - 00000000 ____D C:\Users\atbs\AppData\LocalLow\Mozilla
2017-07-18 09:31 - 2017-01-09 04:49 - 00093311 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-07-18 09:27 - 2016-01-03 09:42 - 00000000 __SHD C:\Users\atbs\IntelGraphicsProfiles
2017-07-18 09:26 - 2017-06-07 20:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 01:34 - 2016-03-19 14:00 - 00003464 _____ C:\WINDOWS\SysWOW64\VipreEdgeProtectionOff.ini
2017-07-18 01:34 - 2016-03-19 14:00 - 00003464 _____ C:\WINDOWS\system32\VipreEdgeProtectionOff.ini
2017-07-18 01:33 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-18 01:31 - 2017-06-07 20:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 01:30 - 2017-03-18 07:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-17 23:00 - 2017-06-16 11:19 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7F347014-0EBD-4D11-9647-DA8BD51B5143}
2017-07-17 22:46 - 2016-01-03 09:59 - 00000000 ____D C:\Users\atbs\AppData\Local\Adobe
2017-07-17 22:06 - 2016-01-15 16:33 - 00000000 ____D C:\Temp
2017-07-17 21:27 - 2016-01-09 06:11 - 00000000 ____D C:\ProgramData\VIPRE
2017-07-17 21:25 - 2016-01-13 13:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-17 15:26 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-17 15:26 - 2010-11-20 23:27 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-17 15:15 - 2017-06-07 20:30 - 00000000 ____D C:\Users\Administrator
2017-07-17 15:14 - 2016-06-27 20:23 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-07-17 14:56 - 2016-06-27 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-07-17 14:55 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-07-17 14:55 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-07-17 14:46 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-17 14:41 - 2017-06-07 20:55 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-17 14:41 - 2016-06-27 20:24 - 00002437 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-17 14:41 - 2016-06-27 20:24 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-07-17 14:39 - 2016-06-27 20:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2017-07-17 13:28 - 2017-06-07 20:29 - 01300376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-17 10:59 - 2016-01-14 12:03 - 00000000 ____D C:\Users\atbs\AppData\Local\Packages
2017-07-15 22:34 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 11:27 - 2017-06-07 20:25 - 00273936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-14 11:27 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-14 11:23 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 17:39 - 2016-07-14 16:53 - 00000000 ____D C:\Users\atbs\AppData\Local\ElevatedDiagnostics
2017-07-12 11:52 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 11:49 - 2016-01-08 03:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 11:45 - 2016-01-08 03:26 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-11 18:25 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 13:55 - 2017-06-07 20:55 - 00003342 _____ C:\WINDOWS\System32\Tasks\DolbySelectorTask
2017-07-11 13:55 - 2017-06-07 20:55 - 00003250 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_LENOVO_MICPKEY
2017-07-11 13:55 - 2017-06-07 20:55 - 00003220 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Dolby
2017-07-11 13:55 - 2017-06-07 20:55 - 00003216 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-07-11 13:55 - 2017-06-07 20:27 - 00301661 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-07-11 13:54 - 2017-06-07 20:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-11 13:54 - 2017-06-07 20:27 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-07-11 11:26 - 2015-12-18 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-11 10:58 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-11 10:55 - 2017-06-13 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-11 10:55 - 2016-02-09 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-30 10:47 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 10:47 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 17:43 - 2016-01-05 02:32 - 00000126 _____ C:\WINDOWS\QUICKEN.INI
2017-06-28 17:43 - 2016-01-05 02:32 - 00000000 ____D C:\Program Files (x86)\Quicken
2017-06-28 15:50 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-28 13:11 - 2017-06-07 20:30 - 00000000 ____D C:\Users\atbs
2017-06-25 22:23 - 2017-06-07 20:55 - 00002444 _____ C:\WINDOWS\System32\Tasks\{ED275FF5-0EC3-4E87-8108-EEA30BF7B1AA}
2017-06-25 19:35 - 2016-01-05 02:34 - 00000000 ____D C:\Users\atbs\Documents\Quicken
2017-06-22 05:06 - 2016-01-14 12:05 - 00002410 _____ C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 05:06 - 2016-01-12 17:56 - 00000000 ___RD C:\Users\atbs\OneDrive
2017-06-20 16:37 - 2016-01-27 15:49 - 00000000 ____D C:\Users\atbs\AppData\Local\Microsoft Help
2017-06-20 16:32 - 2017-06-07 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-06-19 19:39 - 2015-12-18 23:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-19 19:37 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-19 19:31 - 2017-06-07 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-06-19 19:09 - 2017-06-07 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-06-18 22:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-18 22:12 - 2017-06-07 18:01 - 00000028 _____ C:\WINDOWS\ODBC.INI
2017-06-18 22:06 - 2017-06-07 18:16 - 00000000 ____D C:\Users\atbs\AppData\Roaming\Visual Studio Setup
2017-06-18 22:06 - 2017-06-07 18:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-06-18 22:05 - 2017-06-08 00:09 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-18 22:04 - 2017-06-07 19:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-06-18 19:26 - 2017-06-07 19:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-06-18 18:57 - 2017-06-07 19:01 - 00000000 ____D C:\Program Files (x86)\Windows Kits

==================== Files in the root of some directories =======

2017-02-16 17:30 - 2017-02-16 16:07 - 0012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2016-06-07 14:49 - 2016-06-07 15:08 - 0037836 _____ () C:\Users\atbs\AppData\Roaming\Comma Separated Values.ADR
2017-04-14 22:21 - 2017-04-14 22:21 - 0003584 _____ () C:\Users\atbs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-07 18:01 - 2017-06-07 18:01 - 0000092 _____ () C:\Users\atbs\AppData\Local\fusioncache.dat
2017-06-25 22:21 - 2017-06-25 22:21 - 0000017 _____ () C:\Users\atbs\AppData\Local\resmon.resmoncfg
2016-01-25 16:53 - 2016-01-25 16:53 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-06-07 20:27 - 2017-06-07 20:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-07-17 01:36

==================== End of FRST.txt ============================

--------------------------------------------------------------------------------------------------------------------------------------------------------

Here is the Addition.txt.

--------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by atbs (18-07-2017 10:14:40)
Running from C:\Users\atbs\Documents\My Software\Malware Cleaner
Windows 10 Pro Version 1703 (X64) (2017-06-08 01:03:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-726195798-3845404459-4074307453-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-726195798-3845404459-4074307453-1004 - Limited - Enabled)
atbs (S-1-5-21-726195798-3845404459-4074307453-1001 - Administrator - Enabled) => C:\Users\atbs
DefaultAccount (S-1-5-21-726195798-3845404459-4074307453-503 - Limited - Disabled)
Guest (S-1-5-21-726195798-3845404459-4074307453-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-726195798-3845404459-4074307453-1002 - Limited - Enabled)
Randolph (S-1-5-21-726195798-3845404459-4074307453-1009 - Administrator - Enabled) => C:\Users\Randolph
SQLDebugger (S-1-5-21-726195798-3845404459-4074307453-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}
FW: ThreatTrack Security VIPRE (Disabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.14018 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C706092D-491F-4D29-BB49-FF7B47CD12F2}) (Version: 3.1.14018 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Connect2 (HKLM-x32\...\Connect2_is1) (Version: 4.2.0.3818 - Lenovo)
cwbnethlp (HKLM-x32\...\{3186ACD0-B5C5-470E-ABE1-E4110C0A72BF}) (Version: 1.00.0000 - Your Company Name) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ExpressCache (HKLM\...\{44EAE7F6-8BBF-4C3F-A573-3CD5A3C067FA}) (Version: 1.3.110.0 - Condusiv Technologies)
GSKit8 SSL 32-bit (HKLM-x32\...\{6FACA056-274E-43D7-B63E-BD92FE6B40C1}) (Version: 8.0.50.67 - IBM)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBM Content Manager for iSeries Client for Windows (HKLM-x32\...\Content Manager for iSeries Client for Windows) (Version:  - )
IBM HTTP Server V8.5 (HKLM-x32\...\IM-IBM HTTP Server V8.5) (Version:  - )
IBM i Access for Windows 7.1 (HKLM\...\{31E11496-1F84-4DCC-B07A-369B40B8B4A7}) (Version: 07.01.0900 - IBM)
IBM i Access for Windows MRI (HKLM-x32\...\{CCA40624-843E-48C6-B14F-E1070015D87C}) (Version: 07.01.0000 - IBM) Hidden
IBM Installation Manager (HKLM-x32\...\IBM Installation Manager) (Version:  - )
IBM Systems Magazine, Power Systems - July 2016 (HKLM-x32\...\{C5563575-6719-34A9-0C1A-7478B4759356}) (Version: 1.0.2 - Nxtbook Media, LLC) Hidden
IBM Systems Magazine, Power Systems - July 2016 (HKLM-x32\...\81510c00b5b001ece7468620f19c271f) (Version: 1.0.2 - Nxtbook Media, LLC)
IBM Update Installer for WebSphere software V6.1 (HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\WSBAA61UPDI) (Version:  - )
IBM WebSphere Application Server Toolkit V6.1 (HKLM-x32\...\WSAST61) (Version:  - )
IBM WebSphere Application Server V8.5 (HKLM-x32\...\IM-IBM WebSphere Application Server V8.5) (Version:  - )
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImportQIF (HKLM-x32\...\ImportQIF) (Version: 3.0.16.0 - QuicknPerlWiz)
Intel® Chipset Device Software (HKLM-x32\...\{b23c55fa-5271-4d64-ba8f-6718be55b9a7}) (Version: 10.1.1.33 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.3.60 - Intel Corporation)
Intel® WiDi (HKLM\...\{3F5D407B-86F5-4CA5-8F83-7C00BBB69080}) (Version: 5.1.23.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1450.402) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0502 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
join.me (HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\JoinMe) (Version: 3.1.0.4665 - LogMeIn, Inc.)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.17.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.85.03 - Lenovo) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Service Bridge (HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{AFDE512F-7BCD-46B6-91C0-230812139EEF}) (Version: 3.4.002.006 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LogMeIn (HKLM-x32\...\{4BA0A633-1A0C-4936-8BF5-9EA537E36BA8}) (Version: 4.1.9768 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{8AFDCE81-6BDF-440F-9008-5C8CB886C91B}) (Version: 1.3.2977 - LogMeIn, Inc.)
Max Uninstaller version 2.1 (HKLM-x32\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.1 - hxxp://www.maxuninstaller.com/)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Professional 2015 with Updates (HKLM-x32\...\{68432bbb-c9a5-4a7b-bab3-ae5a49b28303}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
Quick Screen Capture 3.0 (HKLM-x32\...\Quick Screen Capture 3.0_is1) (Version: 3.0 - Etru Software Development)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.12.2 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.2.7 - Quicken)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Remote Desktop Connection (HKLM-x32\...\{3E713D52-C967-41FB-AA24-3A92CC1025A4}) (Version: 5.1.2600.2180 - Microsoft)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
RTR FrontPage Server Extensions 2002 for Windows Server 2012 and Windows 8 (HKLM-x32\...\{901D0409-6000-11D3-8CFE-005004830000}) (Version: 10.0.7003.0 - Ready-to-Run Software, Inc.)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Skypeâ„¢ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version:  - )
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
ThinkPad Pro Dock, Ultra Dock,Workstaion Dock Firmware Utility version 2.30.000 (HKLM-x32\...\TeslaUpdater_is1) (Version: 2.30.000 - )
ThinkPad Pro/Ultra Dock VIA Firmware version 5041 (HKLM-x32\...\VL812_is1) (Version: 5041 - )
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.14.1114.2014 - Lenovo)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VIPRE Internet Security (HKLM-x32\...\{6C00A86A-E405-4AF8-9581-78F6E620602C}) (Version: 9.3.4.3 - ThreatTrack Security, Inc.) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 9.3.4.3 - ThreatTrack Security Inc.)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Web Server Plug-ins for IBM WebSphere Application Server V8.5 (HKLM-x32\...\IM-Web Server Plug-ins for IBM WebSphere Application Server V8.5) (Version:  - )
WebSphere Customization Toolbox V8.5 (HKLM-x32\...\IM-WebSphere Customization Toolbox V8.5) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
Windows Driver Package - Intel (e1dexpress) Net  (07/15/2014 12.12.50.7202) (HKLM\...\9831220A78BC6CDB16870D8F80FF2AB41814019A) (Version: 07/15/2014 12.12.50.7202 - Intel)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (11/06/2014 13.6.0.1002) (HKLM\...\55320B67E6FF26D5CF6A352973677B5A68BD028B) (Version: 11/06/2014 13.6.0.1002 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2016-02-29] (ThreatTrack Security Inc.)
ContextMenuHandlers01: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2016-02-29] (ThreatTrack Security Inc.)
ContextMenuHandlers02: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2016-02-29] (ThreatTrack Security Inc.)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers04: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2016-02-29] (ThreatTrack Security Inc.)
ContextMenuHandlers04: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2016-02-29] (ThreatTrack Security Inc.)
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-11] (Intel Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {099ECF1C-D48B-4D95-8178-1F97705E311E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0DDEADED-3852-444E-B73D-4F2202C7F685} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0F38E896-3E39-475A-A1DA-4422C11EDE1B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-05-04] (Realtek Semiconductor)
Task: {14555937-5185-49C7-ADFE-9566CDC28A9B} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-05-04] (Realtek Semiconductor)
Task: {14D0B441-7044-4ACF-A77F-6274256C71D2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {179667E1-D83A-4AE5-BA26-B52B9EC5569B} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {179E28F8-789C-4F59-8EE0-6826CB522FD1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {1877D3EB-0D97-4A51-B002-458C3E5B8FA5} - System32\Tasks\{0A63AD03-70C4-4526-8CD1-9B713813AE8C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\IBM\WebSphere\AppServer\uninstall\uninstall.exe"
Task: {1E0FAD4A-4960-4610-AFFA-DE8C5497F88B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {20345767-907E-4866-9F1E-27D93106F8CB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {26C3B5A7-F48B-4174-BB28-2AE29768F54C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {29431BAD-3524-4F7F-8A89-8355153390F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F8EDEC0-3A4D-456D-9864-962469076EB7} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {30281476-D5E9-43CD-8739-4C6889923A05} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {417B4F8F-4D68-4695-9D16-129F8710CB91} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4743062B-ACD1-4136-AD29-F5D8741BAED1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {563FE3B6-B6F1-405D-BE13-1393DF65FB54} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {5A5FC828-DEAF-4672-9877-DF998D3B3810} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {5C5895AE-2BB5-43A7-8637-7CF129B93A07} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-726195798-3845404459-4074307453-1001 => "C:\WINDOWS\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {643113B0-5E4E-4E9A-BB5B-EECF845475B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {660A5C71-405F-4D31-A9B8-7BC73D5D69F1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-12-07] ()
Task: {673EA441-463A-4E8A-AB19-E2169E7E5F39} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6B13D4D9-A330-4795-86CF-64F077DD24E6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {763B396D-BA7B-4320-9331-66D7A5FFAFA3} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {76B4D43B-9092-4523-BA08-2FB1453B7463} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {78B358CA-D11D-492F-89E5-E4408C5E8FBA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {799BF40E-B31F-47A7-A873-A6C944A30402} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7CBD0F95-2362-4024-B3AA-4D2F10F885C4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7E832025-549A-40C5-B349-482B82FEBD2D} - System32\Tasks\{FD1FBD4C-8B14-488C-9FD3-007F22C15FB9} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\Lenovo\tvsuinstaller\UninstallSU.exe -d C:\ProgramData\Lenovo\tvsuinstaller
Task: {82E57D84-D54F-4F3B-B85D-C42F129EC73B} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-05-04] (Realtek Semiconductor)
Task: {8A670A38-7EC1-4F3F-9B4E-36BBDB018829} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8DDDB9F7-5348-4C15-8726-A3A0F56C2BEA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {8E28A8E5-03F0-4CA4-B217-F69F683ABC4F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\070ab250-9676-4f30-ada9-1d109391d583 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {90196D2D-39B5-4F6E-90C6-52401323C62B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {926E81B6-29B9-4017-8B6B-D97DC510DAF4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1a0f0bec-2f21-43b9-907d-4aa448c53861 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {9395D454-1DC8-4DE1-83E9-910FBB5CA2F6} - \PMTask -> No File <==== ATTENTION
Task: {9B19DA89-B859-4733-9C43-92EA7FE0AD08} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D882655-34D7-4015-8D83-31E1FE194E65} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9ECC330D-73DC-48DA-AF0F-A3C0A50562FD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AADD572E-3458-4DC7-8B25-F90EFED73328} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {B0ECD434-2C81-4F8D-8782-A8C460EB39FD} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-03-21] (Lenovo.)
Task: {B143ACA0-CAD3-4FA5-A2B8-75ACB4B8C50B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-12-07] (Lenovo)
Task: {B1BAA13F-5884-4ACE-9116-9971AEDB36C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B2CBE1B9-D3F2-430D-80BB-EE4DCE606D2A} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {B5BB7F4B-9DB4-43D5-93F9-164F1AAF0192} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B5FB7709-A8CB-4CCD-8172-6F1F21143D9F} - System32\Tasks\{27E36E69-162C-4330-B22F-7C3B90F9E3DE} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\IBM\HTTPServer\uninstall\uninstall.exe"
Task: {BC0979EB-A3D8-458F-8723-7B3737328350} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {BDB9B60A-9AD1-46D5-A84A-EB05B6FA0DC4} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {BDF4BE5E-6D49-460B-AB62-912558CBA121} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BF0382CA-A422-4DBA-A96F-70F671F4F560} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {C1296238-083C-44C5-BAAF-2DA1BC676B0C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {C5A9239B-8FA6-44C6-8FE8-BD4A7F51A98F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {D223DEC6-C04D-4203-8398-ECDA0024E95F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3CC4E48-EF17-4417-B295-7E6EA458D430} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D484FB33-AB4E-4533-AA37-CFC84B0BDD30} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {DADB9034-F5AD-4219-8E8D-519DD38E8A03} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe
Task: {DD1DF509-6AD2-4003-91D9-EA299C1CA0B7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {DD2BF85F-F5E2-418E-BDDD-B58EA85F09AB} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {DF382626-74D0-4F57-85AF-A19E3B53B251} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E0E3F4F2-8CF9-4E91-80D3-EFD99D3D0922} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E12249EF-887D-485B-941E-29CDFC450226} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E1EE2CF3-AC81-4DAF-A2DF-A7FC07E8F58E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1F4AA12-875D-47E4-B0EF-A52B1951B35B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {E2BED8A8-561C-4620-81F4-2696BE65218F} - System32\Tasks\S-1-5-21-726195798-3845404459-4074307453-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {E48E1E84-67DA-4B1E-9B96-54A3C15E6310} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E8517CCD-3415-4267-A66B-33C88E0474F6} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {E887B0C7-E5AE-487E-910E-7591E07AD4E4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA7EFDD0-E953-4950-98C9-DF5CBD91B5CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EAB36994-DD49-46D4-83E3-D50FBB24A097} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB63E2B9-4F36-4200-93FF-5E22B07FBB7A} - System32\Tasks\{ED275FF5-0EC3-4E87-8108-EEA30BF7B1AA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Public\Documents\My Software\PrimoPDF\FreePrimo32Setup.exe" -d "C:\Users\Public\Documents\My Software\PrimoPDF"
Task: {EE416333-11F6-493A-8962-7F85C03F87F0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0D36B4C-5EFB-4C99-98AA-8570BD38FBDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1127634-EEA9-4A32-AB19-E9F27105C406} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {F1F969EB-10E3-4CD9-AA7C-9B6DEAB7598D} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {F4D17533-EB8E-443C-A25B-976EF7A106AF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {F5D4CAF9-8AD4-4F9F-8C6D-41A38B0B5B22} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {FA67927B-DC6C-433A-A89D-95F75BE72B37} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD30BA6A-2ECA-4567-9BDA-1657390D6D69} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {FE9BD479-3326-4C70-BE7A-2EEEAC663B69} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IBM WebSphere\Update Installer for Websphere V6.1 Software\Information center.lnk -> C:\Program Files (x86)\IBM\WebSphere\UpdateInstaller\bin\infocenter.bat ()
Shortcut: C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IBM WebSphere\Update Installer for Websphere V6.1 Software\Online support.lnk -> C:\Program Files (x86)\IBM\WebSphere\UpdateInstaller\bin\onlinesupport.bat ()
Shortcut: C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IBM WebSphere\Update Installer for Websphere V6.1 Software\Update Installer.lnk -> C:\Program Files (x86)\IBM\WebSphere\UpdateInstaller\update.bat ()
Shortcut: C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IBM WebSphere\Application Server Toolkit V6.1\Rational Product Updater.lnk -> C:\Program Files (x86)\IBM\WebSphere\AST\updater\eclipse\rpu.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-01-12 18:34 - 2015-09-01 09:41 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2017-06-14 10:50 - 2017-06-14 10:50 - 02887160 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll
2017-04-22 16:43 - 2017-07-07 06:46 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-07 16:07 - 2017-04-28 08:03 - 00200560 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2017-05-09 18:51 - 2017-05-09 18:51 - 00455016 _____ () C:\Program Files (x86)\Lenovo\System Update\tvsu.exe
2017-06-05 23:43 - 2017-06-05 23:46 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 13:04 - 2017-06-22 13:04 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 13:04 - 2017-06-22 13:04 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 13:04 - 2017-06-22 13:04 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-13 07:50 - 2017-06-13 07:50 - 04323840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-06-13 07:49 - 2017-06-13 07:50 - 03500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-11 12:11 - 2017-07-11 12:14 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-11 12:11 - 2017-07-11 12:14 - 27590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-11 12:11 - 2017-07-11 12:14 - 00428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-11 12:11 - 2017-07-11 12:14 - 20649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-11 12:11 - 2017-07-11 12:13 - 02305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-11 12:11 - 2017-07-11 12:13 - 02856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-05 23:43 - 2017-06-05 23:46 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-05 23:43 - 2017-06-05 23:46 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 10:31 - 2016-06-03 10:31 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-11 12:11 - 2017-07-11 12:14 - 01127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 10:24 - 2017-05-09 10:29 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-07-18 09:32 - 2017-07-18 09:38 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 09:32 - 2017-07-18 09:38 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-18 09:32 - 2017-07-18 09:38 - 43573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-18 09:32 - 2017-07-18 09:38 - 02435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-01-26 11:16 - 00002345 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
10.183.10.52  MC-RSCMGR
10.1.14.16  alexlee
10.0.0.115   ncjua400
10.10.2.3   scslc400
10.1.1.10   S103bmvm
192.168.243.1   nclbgc
192.168.38.11  BCp520
172.16.1.201  eductr400144.42.210.23  cm83ls
144.42.204.4   objsrv602
144.42.208.32  objsrv720
144.42.208.31  tos192.168.0.5 sdjti5
192.168.0.9 x3650imgsrv
192.168.0.9 x3650imgsrv.sdjt.local
192.168.0.9 s10451bm
192.168.0.5 s654337f
192.168.0.4 x3400imgsvr
192.168.0.4 x3400imgsvr.sdjt.local
192.168.0.40 sdjscanstation
97.75.157.149 sdjcitrix192.20.10.1   sfoods
10.0.1.10   ddm400172.17.2.5 cfi
172.17.2.101 cfitest
172.17.2.14  prodcpy1
172.17.2.22  r0b-cmlb01
172.17.2.23  r0b-cmrm01
172.17.2.24  r0b-cmdm01
172.17.2.208 r0b-ascn01
172.17.2.207 r0b-hdsk01172.18.6.10  r0b-apps02
172.17.2.222 r0b-ii4c01
172.17.2.223 r0b-ii4c02

There are 16 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-726195798-3845404459-4074307453-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\atbs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.100.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Client Access Service"
HKU\S-1-5-21-726195798-3845404459-4074307453-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD2FEAC1-4469-4F6B-B97D-38453F964BFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{65886B0D-15B8-4D94-A0D1-B75654CA82E2}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{DB04BF53-A799-4B9C-AC8B-63EA48D02039}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{5C4403F8-7BE4-4821-9B6B-05F964B97B96}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{905BF851-ECA9-4E57-B4BB-5F8FFB9937B1}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS701B\HPDiagnosticCoreUI.exe
FirewallRules: [{A9F814E8-391C-4717-A973-1AB847AA667E}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS701B\HPDiagnosticCoreUI.exe
FirewallRules: [{0BEF3A4B-58ED-43A2-9690-3711EC0D8AA9}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS6A4A\HPDiagnosticCoreUI.exe
FirewallRules: [{F35F2B65-5AD7-4737-A394-8DF15C1456D5}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS6A4A\HPDiagnosticCoreUI.exe
FirewallRules: [{531809FE-E401-4183-8CFF-000A75C17B2D}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS6128\HPDiagnosticCoreUI.exe
FirewallRules: [{7AA45E1C-EBC5-494B-9E38-92655187BE26}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS6128\HPDiagnosticCoreUI.exe
FirewallRules: [{41BE4E34-A3E9-4143-AF14-958D6D52C735}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS60D0\HPDiagnosticCoreUI.exe
FirewallRules: [{1C2FF812-7AB5-4150-9608-80264E9DAC77}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS60D0\HPDiagnosticCoreUI.exe
FirewallRules: [{9774F7AB-2F5F-4D32-A140-59FE6000A84B}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{C4A1AFBC-DFC7-4505-8535-3D815ED0F9ED}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{D37A4726-FA91-46D3-88FF-C3BB15A1D629}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{B4E3CA21-0F02-4A83-B126-61931E37CC9E}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS1FF1\HPDiagnosticCoreUI.exe
FirewallRules: [{279A66FD-6F6A-45CC-86F5-9BC1F0205ABF}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS1FF1\HPDiagnosticCoreUI.exe
FirewallRules: [{2D4A8371-31D0-47EE-B1BD-28D62657B144}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS145C\HPDiagnosticCoreUI.exe
FirewallRules: [{206AFD21-B353-4F15-ACD5-F6CF0E60D7EA}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS145C\HPDiagnosticCoreUI.exe
FirewallRules: [{04E3A082-7D7F-4DC9-9794-EC3ABA06A52F}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS141B\HPDiagnosticCoreUI.exe
FirewallRules: [{7AB798AF-037D-4C63-B31F-7334347DBD8C}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS141B\HPDiagnosticCoreUI.exe
FirewallRules: [{00E48A78-12A8-4A3B-876A-EC3C42204CF8}] => (Allow) C:\Users\atbs\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{8ED74EB8-F8C1-4345-8212-4F8F6A265673}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{5335BBE3-BB95-4252-B1B8-2FC5C6DD6A13}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2D98E320-908D-4159-8FCE-67F3DFB45054}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{A18EA838-071F-4ECF-996F-CA00A4C89FB1}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{E3292231-083D-440C-93BB-C6DAC5EEFA08}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{A501A821-A17F-42DC-B412-C2D2A726B024}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{5F0C1C9D-5EDB-4745-A3AB-030762B3824E}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{2F7E4CCF-245A-4C52-80E6-C332D7DBEBE6}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{88646E6C-48AC-4CDA-9C9B-D08980CE057F}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{76EA64DF-6B5A-4A2E-9BD1-0232FE857502}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{5562294D-EC18-4B63-8AA4-C20E710EE205}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS0E21\HPDiagnosticCoreUI.exe
FirewallRules: [{CE5E0CCF-C43D-4974-9A78-BC0FE20795AA}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS0E21\HPDiagnosticCoreUI.exe
FirewallRules: [{CFDBAF80-7796-4908-88F8-781E05A2C1EE}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS6DC8\HPDiagnosticCoreUI.exe
FirewallRules: [{417AF2A2-022A-4CD7-B721-46564CDC30F9}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS6DC8\HPDiagnosticCoreUI.exe
FirewallRules: [{D61E06BF-89AA-4471-A8B5-4D177F63DB35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DF3D41C-371F-487C-B927-ACBCFEF374BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9456956C-9C47-4A34-A0F8-6E26CCA1E32B}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS41AB\HPDiagnosticCoreUI.exe
FirewallRules: [{C7674B7F-5CF5-4312-B308-CAAC333657E3}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS41AB\HPDiagnosticCoreUI.exe
FirewallRules: [{41F469A9-7942-49AB-B55B-1F33DD1A853C}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS7623\HPDiagnosticCoreUI.exe
FirewallRules: [{314F4149-2E50-46BD-AADE-9F387476B304}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS7623\HPDiagnosticCoreUI.exe
FirewallRules: [{D7987DF1-12D3-41D5-8ACC-9F9F1237E02D}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS7A04\HPDiagnosticCoreUI.exe
FirewallRules: [{96830CF5-843D-4F74-BE52-775DE02B86BF}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS7A04\HPDiagnosticCoreUI.exe
FirewallRules: [{F2111F5B-3CB6-4444-A50F-F390FDC64ED9}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS0E98\HPDiagnosticCoreUI.exe
FirewallRules: [{4B56BF4C-B90D-47BB-A06A-892409FD127A}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS0E98\HPDiagnosticCoreUI.exe
FirewallRules: [{1A25EFCF-C70A-4A84-94D3-668AA96ABEC3}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS3A22\HPDiagnosticCoreUI.exe
FirewallRules: [{3D85014F-E65E-476E-8F7A-5BF6B9EF0C22}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS3A22\HPDiagnosticCoreUI.exe
FirewallRules: [{45D7DAFE-482D-4EA8-8821-58EE56F1AC33}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS2C1C\HPDiagnosticCoreUI.exe
FirewallRules: [{087DBB2A-960D-45DB-B7CC-3D6A8742826E}] => (Allow) C:\Users\atbs\AppData\Local\Temp\7zS2C1C\HPDiagnosticCoreUI.exe
FirewallRules: [{3E60EF1B-D726-441F-8244-E6DB5BBDDA4C}] => (Allow) C:\Temp\7zS6EB6\HPDiagnosticCoreUI.exe
FirewallRules: [{A59AE798-68CD-406B-8CD5-386CCC1700D8}] => (Allow) C:\Temp\7zS6EB6\HPDiagnosticCoreUI.exe
FirewallRules: [{BF1E6CD3-2DBB-48F0-B8CF-EE54A5D9A5F7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{E6D76550-89D1-4B78-8E26-63C0F9B3FE57}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{BEF925AF-8F4A-4A94-BE57-7DB53E86785B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{BC985A2D-FEF5-4325-ADBE-1C269776E44C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{C4BF41DD-105C-4E1C-9223-0D67B1FF2ED6}] => (Allow) LPort=5357
FirewallRules: [{BD380B1B-0524-4806-BD80-5D0C6AAA9B02}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{FA6084DE-3F2E-473E-83FC-15019A73F197}C:\temp\temp1_c1g0qml.zip\jdk\jre.pak\repository\package.java.jre\java\jre\bin\java.exe] => (Allow) C:\temp\temp1_c1g0qml.zip\jdk\jre.pak\repository\package.java.jre\java\jre\bin\java.exe
FirewallRules: [UDP Query User{130A9B4B-EBD5-48A4-8ED6-BE2B13178742}C:\temp\temp1_c1g0qml.zip\jdk\jre.pak\repository\package.java.jre\java\jre\bin\java.exe] => (Allow) C:\temp\temp1_c1g0qml.zip\jdk\jre.pak\repository\package.java.jre\java\jre\bin\java.exe
FirewallRules: [TCP Query User{BA7B6B16-0488-4FCD-9F64-4626C49091EE}C:\program files\ibm\websphere\appserver\java\bin\java.exe] => (Allow) C:\program files\ibm\websphere\appserver\java\bin\java.exe
FirewallRules: [UDP Query User{CA6BFD91-A15E-4330-BE35-C70998FED988}C:\program files\ibm\websphere\appserver\java\bin\java.exe] => (Allow) C:\program files\ibm\websphere\appserver\java\bin\java.exe
FirewallRules: [TCP Query User{9357CD49-A8FA-4CF8-B6D3-87A28633A55C}C:\program files\ibm\websphere\appserver\uninstall\java\jre\bin\java.exe] => (Allow) C:\program files\ibm\websphere\appserver\uninstall\java\jre\bin\java.exe
FirewallRules: [UDP Query User{421FB644-C4FB-45EC-BD51-0A270F3EA104}C:\program files\ibm\websphere\appserver\uninstall\java\jre\bin\java.exe] => (Allow) C:\program files\ibm\websphere\appserver\uninstall\java\jre\bin\java.exe
FirewallRules: [TCP Query User{722CBD26-A03D-486C-9ED0-D3791E4B5E9A}C:\program files (x86)\ibm\client access\cwbunnav.exe] => (Allow) C:\program files (x86)\ibm\client access\cwbunnav.exe
FirewallRules: [UDP Query User{91D1D4FD-F5E3-4B3F-B776-69B8BE46BE4D}C:\program files (x86)\ibm\client access\cwbunnav.exe] => (Allow) C:\program files (x86)\ibm\client access\cwbunnav.exe
FirewallRules: [TCP Query User{31AD7B3B-0A9B-4ECF-A835-05CF98F86381}C:\program files (x86)\ibm\client access\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\client access\jre\bin\javaw.exe
FirewallRules: [UDP Query User{483901B9-2C6A-4F07-A5BE-5E9D988847BF}C:\program files (x86)\ibm\client access\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\client access\jre\bin\javaw.exe
FirewallRules: [TCP Query User{E378E854-F42E-4B19-B59D-606A1519DD71}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{19D8F9AD-2EC6-4FAB-8C33-BF4A549BCDEE}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{091B7676-A595-4B03-AAFA-051353E9550A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{885DB550-AFC7-4D62-B89C-1D0E22F0575F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{558642E7-602D-4E0B-9BAD-9FB91C260C90}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{868219DB-86C1-4ECC-A3B8-7A641E209AF2}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe

==================== Restore Points =========================

10-07-2017 12:03:34 Installed LogMeIn
17-07-2017 14:45:07 Removed Adobe Reader XI (11.0.20)  MUI.

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 10:10:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\WINDOWS\SysWOW64\cwbunpls.dll".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 09:26:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\WINDOWS\SysWOW64\cwbunpls.dll".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\WINDOWS\cwbunrse.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\WINDOWS\SysWOW64\cwbunplp.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IBM\Client Access\cwbadgen.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IBM\Client Access\cwb3uic.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IBM\Client Access\Shared\cwbundbs.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IBM\Client Access\lstjbl.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IBM\Client Access\wrkmsg.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 04:27:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IBM\Client Access\wrkusrj.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/18/2017 09:42:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2017 02:10:07 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2017 01:37:54 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2017 01:31:51 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

Error: (07/18/2017 01:31:51 AM) (Source: W3SVC) (EventID: 1004) (User: )
Description: The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.

Error: (07/18/2017 01:31:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/18/2017 12:57:41 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2017 12:09:14 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/17/2017 10:41:52 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/17/2017 10:33:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 66%
Total physical RAM: 7888.23 MB
Available physical RAM: 2675.84 MB
Total Virtual: 15824.23 MB
Available Virtual: 10257.48 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:448.28 GB) (Free:138.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.19 GB) (Free:4.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D50DDE1C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=841 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: D50DDE16)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of Addition.txt ============================

--------------------------------------------------------------------------------------------------------------------------------------------------------



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 19 July 2017 - 07:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these OLD VERSION OF JAVA in bold via the Control Panel > Programs > Programs and Features.
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 LMIRfsClientNP; no ImagePath
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {099ECF1C-D48B-4D95-8178-1F97705E311E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1E0FAD4A-4960-4610-AFFA-DE8C5497F88B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {30281476-D5E9-43CD-8739-4C6889923A05} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {417B4F8F-4D68-4695-9D16-129F8710CB91} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4743062B-ACD1-4136-AD29-F5D8741BAED1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {763B396D-BA7B-4320-9331-66D7A5FFAFA3} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {8A670A38-7EC1-4F3F-9B4E-36BBDB018829} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9395D454-1DC8-4DE1-83E9-910FBB5CA2F6} - \PMTask -> No File <==== ATTENTION
Task: {9D882655-34D7-4015-8D83-31E1FE194E65} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B1BAA13F-5884-4ACE-9116-9971AEDB36C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B5BB7F4B-9DB4-43D5-93F9-164F1AAF0192} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BDF4BE5E-6D49-460B-AB62-912558CBA121} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DF382626-74D0-4F57-85AF-A19E3B53B251} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E12249EF-887D-485B-941E-29CDFC450226} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EA7EFDD0-E953-4950-98C9-DF5CBD91B5CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
====

Please let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 19 July 2017 - 07:08 AM

Sorry for the duplicate post.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these OLD VERSION OF JAVA in bold via the Control Panel > Programs > Programs and Features.
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 LMIRfsClientNP; no ImagePath
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {099ECF1C-D48B-4D95-8178-1F97705E311E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1E0FAD4A-4960-4610-AFFA-DE8C5497F88B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {30281476-D5E9-43CD-8739-4C6889923A05} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {417B4F8F-4D68-4695-9D16-129F8710CB91} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4743062B-ACD1-4136-AD29-F5D8741BAED1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {763B396D-BA7B-4320-9331-66D7A5FFAFA3} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {8A670A38-7EC1-4F3F-9B4E-36BBDB018829} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9395D454-1DC8-4DE1-83E9-910FBB5CA2F6} - \PMTask -> No File <==== ATTENTION
Task: {9D882655-34D7-4015-8D83-31E1FE194E65} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B1BAA13F-5884-4ACE-9116-9971AEDB36C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B5BB7F4B-9DB4-43D5-93F9-164F1AAF0192} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BDF4BE5E-6D49-460B-AB62-912558CBA121} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DF382626-74D0-4F57-85AF-A19E3B53B251} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E12249EF-887D-485B-941E-29CDFC450226} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EA7EFDD0-E953-4950-98C9-DF5CBD91B5CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
====

Please let me know what problem persists with this computer.

Edited by nasdaq, 19 July 2017 - 07:09 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 25 July 2017 - 08:21 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users