Infected by RiskWareIStealer, help needed


Hi Folks,

My computer recently became slow, especially my browser (Chrome). I ran a Malwarebytes scan and it reported RiskWareIStealer in the following folder: 

c:\ProgramData\KMSAudio\bin\KMSSS.exe.

I've attached the log file below. Any help in removing this malware would be greatly appreciated.

Not sure how I got this virus---suspect my children might have been browsing---but it would be good to know if there is any current advice on how to avoid these kinds of attacks?

Kind regards,

Hazel.

 

Malwarebytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/09/2016
Scan Time: 11:21
Logfile: riskwareisstealerlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.08.04
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 504438
Time Elapsed: 2 hr, 11 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.IStealer, C:\ProgramData\KMSAutoS\bin\KMSSS.exe, , [24901758aceeb482c380c27ead5507f9], 

Physical Sectors: 0
(No malicious items detected)


(end)

 


  • Staff

Hello Hazel,

I'd like to get a look at what else is on the machine.  This next scanner will not make any changes to your machine on its own, nor will it divulge any personal information that may compromise your security.

Please download Farbar Recovery Scan Tool from here http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to your desktop.

Note: You need to run the version compatible with your system

**After you click the Download Now 64-bit, or the Download Now 32-bit, another page will open -- DO NOT CLICK ANY ADDITIONAL 'download now' buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save.

• Double-click to run it. When the tool opens, click Yes to the disclaimer.

Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.

• Click the Scan button.

• When the scan has finished, it will make a log (FRST.txt) in the same directory the tool is run from. Please attach the FRST.txt in your reply.

• The first time the tool is run, it also creates another log named Addition.txt. Please attach that to your next reply as well.

Many thanks.


Hi Ried,

Below are the scans you requested: FRST.txt and Addition.txt.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by User (administrator) on ALLTURF1 (09-09-2016 10:35:36)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\Nexus.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1456920 2016-08-25] (BullGuard Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [13047936 2016-06-27] (Winstep Software Technologies)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-08-25] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-08-25] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-08-25] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-03-19]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-03-19]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Limited.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6b620e55-7289-492c-bc57-b587007725fe}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2015-03-18] (Intuit, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pp5kegc.default
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-12] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-19]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-19]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-09-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-19]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-19]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Slither.io Mods, Zoom, Create Skins SLITHERE) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkfpaolkkchfafkhdleklbddpcolkdea [2016-08-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
CHR Extension: (Chither.com - insane slither & agar.io bots !) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmedcepkcjldmmkmfkeniapbaedjlfic [2016-08-28]
CHR HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1370392 2016-08-25] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [707352 2016-08-25] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [176920 2016-08-25] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [478488 2016-08-25] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [825112 2016-08-25] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5635864 2016-08-25] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [609560 2016-08-25] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [310040 2016-08-25] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [399128 2016-08-25] (BullGuard Ltd.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [449112 2016-08-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-19] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-08-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 msftesql$ALLORDERS; C:\Program Files (x86)\MSSQL.1\MSSQL\Binn\msftesql.exe [95592 2007-06-22] (Microsoft Corporation)
R2 MSSQL$ALLORDERS; C:\Program Files (x86)\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-03-18] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-18] (Intuit Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afw; C:\Windows\system32\DRIVERS\afw.sys [52904 2016-01-13] (Agnitum Ltd.)
R3 afwcore; C:\Windows\system32\DRIVERS\afwcore.sys [465072 2016-01-13] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2016-01-13] (BullGuard Ltd.)
R3 BdNet; C:\Windows\system32\DRIVERS\BdNet.sys [51856 2016-01-13] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [94952 2016-01-13] (BullGuard Ltd.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [276144 2016-07-27] (BullGuard Ltd.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-15] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2016-08-22] (Intel Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\drmkaud.sys AE6BD4C879A8C849E53947C92DF3B3A0
C:\Windows\System32\drivers\dxgkrnl.sys A39F5D1A0BB032DDDBAD3A0C050B1049
C:\Windows\System32\drivers\evbda.sys 7EC6FC0266D74BD47ABB130A328B70EC
C:\Windows\System32\drivers\EhStorClass.sys 8D74B8B5D6F7C5BC4C525BAF2B083FF1
C:\Windows\System32\drivers\EhStorTcgDrv.sys 4D49B99DCACA1FC782A94DB596246504
C:\Windows\System32\drivers\errdev.sys 77B60DEC7DCB4233E4A69D3F52E5DB24
C:\Windows\System32\Drivers\exfat.sys FCD2C63754C2E739A8EEAD9BC63F9DDC
C:\Windows\System32\Drivers\fastfat.sys C077AA74EDDAF69985EB27597BCB342A
C:\Windows\System32\drivers\fdc.sys 99598ECA5E41996E005D5B9D9FF1EFA2
C:\Windows\System32\drivers\filecrypt.sys F44F666B0EACC3181544FFCF8CA0FFC7
C:\Windows\System32\drivers\fileinfo.sys 78A210DDFDF2C9EC884631D2DAA573F0
C:\Windows\System32\drivers\filetrace.sys 1A97DB5E701A186989F3795223C3BE39
C:\Windows\System32\drivers\flpydisk.sys 46626665F0E5906E45619B4EFD6186B8
C:\Windows\System32\drivers\fltmgr.sys FDA72ACA14D516D18C33AFCD0FD9260F
C:\Windows\System32\drivers\FsDepends.sys D152CCBFC8251670BF0AAFE00D6BC782
C:\Windows\System32\Drivers\Fs_Rec.sys 6D6BB5C7363CD35FA715E826F3D029EE
C:\Windows\System32\DRIVERS\fvevol.sys B719EAA1EC93586955B013BD7DD61356
C:\Windows\System32\drivers\vmgencounter.sys EF78034773CE506323655A868C949144
C:\Windows\System32\drivers\genericusbfn.sys B55FEBC6A00DAA1FE074F020B6907516
C:\Windows\System32\Drivers\msgpioclx.sys DDD8A8CDDC7F13EF57D1DAAE71865936
C:\Windows\System32\drivers\gpuenergydrv.sys 7ACD8F69B5D6EC97E6D2C006E19BED88
C:\Windows\system32\DRIVERS\HdAudio.sys 217230B984AB2954E2FA5E36578D7B08
C:\Windows\System32\drivers\HDAudBus.sys 10E3515FE5DBA6656FA62C29342EC4A1
C:\Windows\System32\drivers\HidBatt.sys B90D284B97CD4CA9DE7430AAAD887A56
C:\Windows\System32\drivers\hidbth.sys B2FE11643CC6ACDEE6C247DD36018FDB
C:\Windows\System32\drivers\hidi2c.sys D24355488A2D4D2323518EC1AC7A6D9E
C:\Windows\System32\drivers\hidinterrupt.sys 0AF9ABBA4F3F55C6C803890D64BC3C29
C:\Windows\System32\drivers\hidir.sys CDBCF8E9AB06D88A1E1191D32F320C5D
C:\Windows\System32\drivers\hidusb.sys D8536CB438CC4CCDAE047B768EED22B2
C:\Windows\System32\drivers\HpSAMD.sys F5CA18197B4646E04DB9EB2D6642CC4D
C:\Windows\System32\drivers\HTTP.sys 65E358D604267CBAACB74A2598BBE22B
C:\Windows\System32\drivers\hvservice.sys 9B6C35343348CC1B5E9D81F0702A3271
C:\Windows\System32\drivers\hwpolicy.sys 771EDDA9830A3079F996F34D681FB6E5
C:\Windows\System32\drivers\hyperkbd.sys 3B9F315E7FA72CC25228EB097DD9C694
C:\Windows\System32\drivers\i8042prt.sys B54B30992620C97230013A74461C8517
C:\Windows\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\Windows\System32\drivers\iaStorAV.sys 97E553D03219D3D51705C7235D9EAEBD
C:\Windows\System32\drivers\iaStorV.sys 8350FE3BCDE3428BC040877BB7E9EAEB
C:\Windows\System32\drivers\ibbus.sys 3BA03F7C7700DDF4C383DDE9252F5817
C:\Windows\system32\DRIVERS\igdkmd64.sys F9A737A52B484D5871230BA591010508
C:\Windows\System32\drivers\IndirectKmd.sys 2A01C96DF5802D3434634E55C91232D8
C:\Windows\system32\DRIVERS\IntcDAud.sys 75EF6707AC6470DBE7F7EE6AD7020851
C:\Windows\System32\drivers\intelide.sys 9F7E87F6595D065A8A200A291043045E
C:\Windows\System32\drivers\intelpep.sys A6BD2E20AE1BC5CB2776C87C28E4F4CA
C:\Windows\System32\drivers\intelppm.sys 2A48DA39542636DB0FA3BA915385D1B3
C:\Windows\System32\drivers\iorate.sys 4A922CAB4AB5F29F1BECC9D95B4B7F05
C:\Windows\System32\DRIVERS\ipfltdrv.sys FE85D0A86CA7A5A99CF8CD04DE7F80AE
C:\Windows\System32\drivers\IPMIDrv.sys 450DBDD716C7911F83E05F78EE18BFA2
C:\Windows\System32\drivers\ipnat.sys F1DAECC3B3D6399875D4F10529D6A77C
C:\Windows\system32\drivers\irda.sys 7475A2903BB704B446AA6309E34D3362
C:\Windows\System32\drivers\irenum.sys 9725E7F0C64CE9916A5CDABE8D6E13C3
C:\Windows\System32\drivers\isapnp.sys 58040898883A96160D41739C80328BBF
C:\Windows\System32\drivers\msiscsi.sys C9FD02D62E09337B67B0C61EC8CA38CC
C:\Windows\System32\drivers\kbdclass.sys 210808437570BDDEE71A43535E3A2D30
C:\Windows\System32\drivers\kbdhid.sys 2D05785B0C58D90A34EA15032EADBBA9
C:\Windows\System32\drivers\kdnic.sys 813BA3EB2CE038F2A5382DDD75CAD60B
C:\Windows\System32\Drivers\ksecdd.sys 9FA1B5D84F596F0664F0465F302044DC
C:\Windows\System32\Drivers\ksecpkg.sys 55AD13E2BAFC5AB53A10F8C271F5D242
C:\Windows\system32\drivers\ksthunk.sys 4ED115CD1A1099705F56B5E0FFF97CC6
C:\Windows\System32\drivers\lltdio.sys 5933A6673F00D8255C52957E40C2D601
C:\Windows\System32\drivers\lsi_sas.sys 8E1B0946948CCC0BC1FA3CB70374A795
C:\Windows\System32\drivers\lsi_sas2i.sys 4F68163FC04C973500DC4DA0946917B0
C:\Windows\System32\drivers\lsi_sas3i.sys E5AC5F2815938651CDCC27F425474673
C:\Windows\System32\drivers\lsi_sss.sys CCF6EC9FB9B8F18E05B4253E81013E48
C:\Windows\system32\drivers\luafv.sys C9579D32219E5B936AC3A48D470117EC
C:\WINDOWS\system32\drivers\mbamchameleon.sys 1239597BAB7EED2BB16D035AF87E65D9
C:\WINDOWS\system32\drivers\mbam.sys 78BFF5425E044086E74E78650A359FBB
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\WINDOWS\system32\drivers\mwac.sys 898415AC0B5F1D2A9A48ABCB68A6DC4B
C:\Windows\System32\drivers\megasas.sys C3CDCCF07486BD2616A7B82946E07AC0
C:\Windows\System32\drivers\megasr.sys FADB2FE017E69EECE0E1BA78661C2E8C
C:\Windows\System32\drivers\TeeDriverW8x64.sys EA96E9A0E593647206A2F0303E521D95
C:\Windows\System32\drivers\mlx4_bus.sys FD60818B66B2E8A5415EA840E99A9D8F
C:\Windows\system32\drivers\mmcss.sys 68F6977F1CFBAAC770D940A8C0326FA1
C:\Windows\System32\drivers\modem.sys D842ADDB5911945D51F61A0B1C8F36E3
C:\Windows\System32\drivers\monitor.sys 9CCCB7FC3EDADEBA461D78615A6011A6
C:\Windows\System32\drivers\mouclass.sys 27A07B2FB2E3057DA8DAEA4F25D843C7
C:\Windows\System32\drivers\mouhid.sys 7BD6E7F7C9001AB21B8362CFFEE80B25
C:\Windows\System32\drivers\mountmgr.sys F5BDAEE4B7D369D4C74668DCFBA3FF10
C:\Windows\System32\drivers\mpsdrv.sys 30844BD376F9D01E62C820BEF446F1F8
C:\Windows\system32\drivers\mrxdav.sys 50C2389CD04C5B8632E3DC2D733EF15D
C:\Windows\System32\DRIVERS\mrxsmb.sys 4D5F17C23D25B5BDF7EB35A54F483C9B
C:\Windows\System32\DRIVERS\mrxsmb10.sys 8F58AEAE00B39AC9AD93755E777B19D8
C:\Windows\System32\DRIVERS\mrxsmb20.sys FC501F50E6214AF38D4B22220537187A
C:\Windows\System32\drivers\bridge.sys 74C9D21523DAE0C18F413C196DF0058A
C:\Windows\System32\Drivers\Msfs.sys F01B849D9D4A8CEAF32D4FDBD0B83C92
C:\Windows\System32\drivers\msgpiowin32.sys 22ECD8F5D1DFADF2011BBB1700CB871D
C:\Windows\System32\drivers\mshidkmdf.sys FD870F6968A145E4D2BA8A8842686B03
C:\Windows\System32\drivers\mshidumdf.sys 30364757963A028CE5DF0FBAAC270173
C:\Windows\System32\drivers\msisadrv.sys 6BB0FEDDAE7135FA37FFAFF4D9E0E876
C:\Windows\system32\DRIVERS\MSKSSRV.sys 13D614E6B51ECF36746C48CE829FA7F6
C:\Windows\System32\drivers\mslldp.sys 642CDE46351D5D2D90311E77072AB46D
C:\Windows\system32\DRIVERS\MSPCLOCK.sys F2302A5CE63CA7673200FAFCEEEDB6AF
C:\Windows\system32\DRIVERS\MSPQM.sys 6114512EA26E835BA522C63635429DB5
C:\Windows\System32\Drivers\MsRPC.sys AA538E16E644D00E3BA5349BBA9598EC
C:\Windows\System32\drivers\mssecflt.sys 7ACFE7435317E791FF9EED2F49B402F2
C:\Windows\System32\drivers\mssmbios.sys 0543BEFD41EC4D25C7F7CF36409CEC7D
C:\Windows\system32\DRIVERS\MSTEE.sys C1569E4DB8EFE3617847BF041A3C842F
C:\Windows\System32\drivers\MTConfig.sys 130B16970154BA9876B09E5C4BAC63BE
C:\Windows\System32\Drivers\mup.sys 15D987C8F6CCD4AC94E070C5986762CB
C:\Windows\System32\drivers\mvumis.sys 3D2C5B4995CA0751D32DEA0DE9FDFE44
C:\Windows\System32\DRIVERS\nwifi.sys DB31EBB04C871F422C36A0962DA7D38B
C:\Windows\System32\drivers\ndfltr.sys 629CB21AC49C8867E0F29DF1C16DB7B4
C:\Windows\System32\drivers\ndis.sys 36DD2C614720EC2970CB5E870BA69D8D
C:\Windows\System32\drivers\ndiscap.sys 6DD605338FAAF6BA17662AA874E0D162
C:\Windows\System32\drivers\NdisImPlatform.sys E34196F285F8B8879E1FF36C31F7179E
C:\Windows\System32\DRIVERS\ndistapi.sys 1FAD2398673F30CEC616B89C46B7DCBA
C:\Windows\System32\drivers\ndisuio.sys AEB8ECBE66CC46854066CB1F5623E179
C:\Windows\System32\drivers\NdisVirtualBus.sys 7340104C2BF2F126714F7CDE85E63610
C:\Windows\System32\drivers\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\NDProxy.sys 78A12E3DF035B5D054986949B19BE43C
C:\Windows\System32\drivers\Ndu.sys 04C8859355C1DC9C0FA198D1894D71C2
C:\Windows\System32\drivers\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\drivers\NetAdapterCx.sys 6C76780A01FC2B885BD6E957B5C36B02
C:\Windows\System32\drivers\netbios.sys 5D1513BD6430307C9DB86C6E351372ED
C:\Windows\System32\DRIVERS\netbt.sys 6FEBB0A847FFD5F057B9AC8889F1B9A7
C:\Windows\System32\drivers\netr28ux.sys BA0C8F0B8B10968B63D85D665A6C280E
C:\Windows\System32\DRIVERS\NSKernel.sys 16BF367C804224B3C7245A575774CE74
C:\Windows\System32\Drivers\Npfs.sys 001CBD7A2CD45C4EB39C01C3C677EF73
C:\Windows\System32\drivers\npsvctrig.sys 90F5DC9802AAA00CD0B6E2AD9E7FFADC
C:\Windows\System32\drivers\nsiproxy.sys 0C6218321A09A7B51BA7FFAFBA4CCB21
C:\Windows\System32\Drivers\NTFS.sys BE43EC0D5AD467CFC5C9770F2F8EBCC2
C:\Windows\System32\Drivers\Null.sys 6E6DD6F9DD2A034CF85E94047DBDB992
C:\Windows\System32\drivers\nvraid.sys D261DF41F0840F734856A2B4F5E072C7
C:\Windows\System32\drivers\nvstor.sys 23B702B555EB0436B9DAA0BC63DA65CE
C:\Windows\System32\drivers\parport.sys 6B81BF7853D161DB8AC62CD8B9C2DE6B
C:\Windows\System32\drivers\partmgr.sys 64E0AA114871B2A37908E44A18F35A73
C:\Windows\System32\drivers\pci.sys 55E45E0A89429AE9C62D728B9C4891C0
C:\Windows\System32\drivers\pciide.sys 214DCC87E3898F738075D1341252A552
C:\Windows\System32\drivers\pcmcia.sys AED76A3333B3A31536E430020E0226FC
C:\Windows\System32\drivers\pcw.sys E63FB38B6E75B39467492FBAD2CD512A
C:\Windows\System32\drivers\pdc.sys 9EA203A07EFA6D74F07F32EF0DAB5CA6
C:\Windows\System32\drivers\peauth.sys 1509A77F840AA9E72CF8247D0CF2FBDE
C:\Windows\System32\drivers\percsas2i.sys 540116170E2135FCD5DDE77702166B67
C:\Windows\System32\drivers\percsas3i.sys 8356F87553BF49C703CF382033815898
C:\Windows\System32\drivers\raspptp.sys 5645B9D9788CCA2C88B9534996ED2D6D
C:\Windows\System32\drivers\processr.sys 372913E12677A8CBBBABDD8311894F9D
C:\Windows\System32\drivers\pacer.sys FC98407B85A31161851FDE245517574F
C:\Windows\system32\drivers\qwavedrv.sys 819602BBBFDB0BD46DEA3715BF0DD452
C:\Windows\System32\DRIVERS\rasacd.sys CDF47037A0939F56D11F699629C276AD
C:\Windows\System32\drivers\AgileVpn.sys 28C2EA278070EE12701D0EDF8CB0EC36
C:\Windows\System32\drivers\rasl2tp.sys 17E565710172ED71B8531D8822E1C5D1
C:\Windows\System32\DRIVERS\raspppoe.sys 9387DF155233D45D4E010F4F2FB52A57
C:\Windows\System32\drivers\rassstp.sys F0F4EEDEEBEE7A4244FAFB96A16B5712
C:\Windows\System32\DRIVERS\rdbss.sys 392CD98739F4A8F188A3CB34F6AB193E
C:\Windows\System32\drivers\rdpbus.sys 79A415E6FA915EFC00297DAB16EC2635
C:\Windows\System32\drivers\rdpdr.sys 7135785C21CA79D270D11037C43D3F19
C:\Windows\System32\drivers\rdpvideominiport.sys 97A61A3CB2B5CB4FC32B3224EF333448
C:\Windows\System32\drivers\rdyboost.sys 69BB204AE07EE84ECFAB1BF13C4BD04B
C:\Windows\System32\Drivers\ReFSv1.sys 940D6F5A2B0A61EE4170DF84F6C95C20
C:\Windows\System32\drivers\rspndr.sys 5FF28F097C9699097B473F8FC7C1AA7D
C:\Windows\System32\drivers\rt640x64.sys F9265C902BB9146C6BFF97BDF35C04DE
C:\Windows\System32\drivers\vms3cap.sys B5DAEE69BACA64D2BB004568E22D8756
C:\Windows\System32\drivers\sbp2port.sys 5E73FB63E2DBC75FE0C17DEB0010CE0E
C:\Windows\System32\DRIVERS\scfilter.sys 3D9A82B03C92D1FEC42CB171D6F57778
C:\Windows\System32\drivers\scmbus.sys 9055ADDFBA4C8B914C914CE693B55C0A
C:\Windows\System32\drivers\scmdisk0101.sys B6F2363584E62960846F7C3F00124A4F
C:\Windows\System32\drivers\sdbus.sys FCBB8A17B4437B2CA8CC8DA8CB1D306E
C:\Windows\System32\drivers\sdstor.sys 120DFCB71D6C502613A9E2D50E16850C
C:\Windows\System32\drivers\SerCx.sys 401D706DDC0A7AF18C3DD228ADF74551
C:\Windows\System32\drivers\SerCx2.sys 7084D11083F0CDCA8B5C76F9846ABF5D
C:\Windows\System32\drivers\serenum.sys 3FF478A8ED32A83C36581425F6282B6C
C:\Windows\System32\drivers\serial.sys 92509187AA171A80521528B36F753E1D
C:\Windows\System32\drivers\sermouse.sys 433D38FF6D08B993847EA2A10EB8CB52
C:\Windows\System32\drivers\sfloppy.sys 697D3EE0740AEAB62B66ABCA1C83D13B
C:\Windows\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\Windows\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\Windows\System32\drivers\spaceport.sys 3DB9C2950439B61A038BF83E697C7A14
C:\Windows\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\Windows\System32\DRIVERS\srv.sys EDCDCD95B916DB156A903AC6256F0CCF
C:\Windows\System32\DRIVERS\srv2.sys DF7147DE10921DBAAE9F9EEF94590E10
C:\Windows\System32\DRIVERS\srvnet.sys 416D224AF7481A4179F018FB1F9A5B6B
C:\Windows\System32\drivers\stexstor.sys 29D26E1347AE1BBD4201014E19880B2C
C:\Windows\system32\DRIVERS\serscan.sys B11724BFE7DA1BA55903B4D849415F1A
C:\Windows\System32\drivers\storahci.sys 0FE3B9A9E40DE1029B0AC2368A3F765D
C:\Windows\System32\drivers\vmstorfl.sys C5E0ACE4771F5575D9D5B457ABF3AD03
C:\Windows\System32\drivers\stornvme.sys B739FF1C1FAF9D0ADFBFB0FD59A5AB37
C:\Windows\System32\drivers\storqosflt.sys BEBF85EB4D90E6996047DA027D0ED26E
C:\Windows\System32\drivers\storufs.sys 8E73037A6F8938475692FFCC26EBF385
C:\Windows\System32\drivers\storvsc.sys 9D9DED47DA10E845EFF2DD57C94C809B
C:\Windows\System32\drivers\swenum.sys 505E0C40B5D0ADDCBB414640F59BD2E0
C:\Windows\System32\drivers\Synth3dVsc.sys 32F46FB0F290D16DAA452B289C985795
C:\Windows\System32\drivers\tcpip.sys E93C3AB8B29AB4905541B5AB87963906
C:\Windows\System32\drivers\tcpip.sys E93C3AB8B29AB4905541B5AB87963906
C:\Windows\System32\drivers\tcpipreg.sys 8DBB1BE20C36E6D19BCC89EEA00B953C
C:\Windows\system32\DRIVERS\tdx.sys 9D2DD64A0B51C56285512DC9454340F6
C:\Windows\System32\drivers\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24
C:\Windows\System32\drivers\terminpt.sys 06130AFFECEB94525FC2352936576B70
C:\Windows\System32\drivers\tpm.sys 798C8CB861EB09C5AFB77468E5449BBB
C:\Windows\System32\DRIVERS\Trufos.sys 40A8AB90F3CB342F037B493A8EADE4B9
C:\Windows\System32\drivers\TsUsbFlt.sys A6F4025664C9D4BC2A9EDAB4092706D7
C:\Windows\System32\drivers\TsUsbGD.sys 37A96AD493E110C0BF1EE0AC0F9E7DBD
C:\Windows\System32\drivers\tsusbhub.sys 5A91FDBA4D3FCB56DAEB8C091B3EB8E1
C:\Windows\System32\drivers\tunnel.sys 79E264287F17D56D768440B0270466DE
C:\Windows\System32\drivers\uaspstor.sys AA65954F512BA097DD190790876DD991
C:\Windows\System32\Drivers\UcmCx.sys AB6268022C3A5B529075A39C33904DA6
C:\Windows\System32\Drivers\UcmTcpciCx.sys 7ED2EDA43D21C7A5F589A7960E265C52
C:\Windows\System32\drivers\UcmUcsi.sys 169351463039B45F5CDED9768879F712
C:\Windows\System32\drivers\ucx01000.sys 08A9E3AD29B215484FBB68CDC175DF3A
C:\Windows\System32\drivers\udecx.sys DA70AEE267491AA56BC63AA0C0C96CA2
C:\Windows\System32\DRIVERS\udfs.sys FBC5ECF6D5A868D0B116C2DBB02B8168
C:\Windows\System32\drivers\UEFI.sys B918E40FAA9CD118CCA4AD388B748C98
C:\Windows\system32\drivers\UevAgentDriver.sys 166B17AE1DD24D8BA8CA474C7C31148F
C:\Windows\System32\drivers\ufx01000.sys 0FD75222C1AD2687AB365BEBEA400DD4
C:\Windows\System32\drivers\UfxChipidea.sys C1A78C53E01C641AE41BFA65797819F5
C:\Windows\System32\drivers\ufxsynopsys.sys 767307212110EBEFB93EC9A5BE9E85B9
C:\Windows\System32\drivers\umbus.sys DC460AAA18CA2342FBBFB2DF9B044472
C:\Windows\System32\drivers\umpass.sys C3CF0377917ECE6D65D7623E1E61568F
C:\Windows\System32\drivers\urschipidea.sys 6B46FC140C9AF68E6E7697D66D59CB4D
C:\Windows\System32\drivers\urscx01000.sys B4402E7F0923F660270442CE76877ABE
C:\Windows\System32\drivers\urssynopsys.sys 9DD431F1B94789CFB527E5D19261F124
C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\Windows\System32\drivers\usbccgp.sys C87E32B90F085970D9637FBAD45EF6FE
C:\Windows\System32\drivers\usbcir.sys 0B663856474AC41924D9E9112203858F
C:\Windows\System32\drivers\usbehci.sys F83D2250256203AC5DA5E8601C1AFDD7
C:\Windows\System32\drivers\usbhub.sys 7FFD26742321919590ED77FCA556D65F
C:\Windows\System32\drivers\UsbHub3.sys 7A749B2863B5561BE34B39E8E249AD8F
C:\Windows\System32\drivers\usbohci.sys D2109F1F4FEBF1DAC415CDC5DE876479
C:\Windows\System32\drivers\usbprint.sys 29C9572F2D061CFC3C0BD48A3163E343
C:\Windows\System32\drivers\usbser.sys 429477D6DEF3321FF7D3EF23CAAADA00
C:\Windows\System32\drivers\USBSTOR.SYS 0CC16F7B91C57AE9A4E44425A295FDAA
C:\Windows\System32\drivers\usbuhci.sys C917D09064CDBD18F75ADC9B2C48F847
C:\Windows\System32\drivers\USBXHCI.SYS 95BCCEFBC40D06484CF16144FE79B8A5
C:\Windows\System32\drivers\vdrvroot.sys 0CBDE344FB48E42D78E29469F202ADBC
C:\Windows\System32\drivers\VerifierExt.sys 723195568C8755CAD57F7933C5F2C5C2
C:\Windows\System32\drivers\vhdmp.sys C12B4859FC255AA6B3021CF8BB14A11F
C:\Windows\System32\drivers\vhf.sys 7929228F0E8B0C2FA0495A17A4FC27F6
C:\Windows\System32\drivers\vmbus.sys AEE432ED868831B1F068E373598F6D93
C:\Windows\System32\drivers\VMBusHID.sys 9444B23FC694B5F90F21B0FC7F10D8DD
C:\Windows\System32\drivers\vmgid.sys 4D0287F566B36536DD812A54C015FC4A
C:\Windows\System32\drivers\volmgr.sys 29075915F9BDC3437F8BED71C067D399
C:\Windows\System32\drivers\volmgrx.sys 6BDB6CE6D2D9E3D3F28F1C97E12B62E2
C:\Windows\System32\drivers\volsnap.sys BF2546583BB75F01DDA60A7921DFB230
C:\Windows\System32\drivers\volume.sys AC2E20A74D09D24485BE8396CE04F07B
C:\Windows\System32\drivers\vpci.sys 04BEC879AD7B3FDDD0339B19FECB0160
C:\Windows\System32\drivers\vsmraid.sys FD9BCB8920973CEAD4D49DC7A6D8A618
C:\Windows\System32\drivers\vstxraid.sys 0C111F220798CCE80484026E06822379
C:\Windows\System32\drivers\vwifibus.sys 607639716E9DB1CEF4E18B5B229293B4
C:\Windows\System32\drivers\vwififlt.sys B1ED64E628763148BF84FBE23F2AD711
C:\Windows\System32\drivers\vwifimp.sys 59920894C38A827091A06AF559834E47
C:\Windows\System32\drivers\wacompen.sys 55D00B785A7587F4263D125817871283
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\system32\drivers\wcifs.sys CD24DEEA22152524CCFE859591D12A57
C:\Windows\system32\drivers\wcnfs.sys AEA1093B751339267D8C8C1EF3D669CF
C:\Windows\system32\drivers\WdBoot.sys D520B1B849B6D4D707AB31722B952C2D
C:\Windows\System32\drivers\Wdf01000.sys 5030C76047D756263093A47B82970868
C:\Windows\system32\drivers\WdFilter.sys 29FF9199EDEB4F5470BB134D1A2563D2
C:\Windows\System32\DRIVERS\wdiwifi.sys 373DF27CD5D5E50FFA2A90FEE0C0D994
C:\Windows\System32\Drivers\WdNisDrv.sys 17CF416CFF408190F5A4CBD79AB12E55
C:\Windows\System32\drivers\wfplwfs.sys E1785942AC51FEE6826CDF02075C5AA9
C:\Windows\System32\drivers\wimmount.sys 0CF79A0EACFFBB75A50A469A27696D02
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0DE131733317EB4BE67028366B0CAAC6
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 92EB5D38BDF10C790450F3E46BF93A0E
C:\Windows\System32\drivers\winmad.sys F95DE20312ACCA7761446DE152BD1F7C
C:\Windows\System32\drivers\WinUSB.SYS 4EFB346BFDAEEB29316AA52BBB9852B1
C:\Windows\System32\drivers\winverbs.sys 8B9AFF5F08E66A6F1F1063DEC9457FB6
C:\Windows\System32\drivers\wmiacpi.sys 6F4F4F5A007D1710BD76FB311DA97C07
C:\Windows\System32\Drivers\Wof.sys 43C8D087B31C592163B33A4BDA540E40
C:\Windows\System32\drivers\WpdUpFltr.sys 75A9284F01FE7CB1A7D5EAE5C1EB4F33
C:\Windows\system32\drivers\ws2ifsl.sys 36D7B73ADC3E10607ED6EC874AFB5D1E
C:\Windows\System32\drivers\WSDPrint.sys 696EC2EAA2A42A137CCBB9A84D6917C0
C:\Windows\system32\DRIVERS\WSDScan.sys 46E4A69825A7554A5DB784A55F8AD203
C:\Windows\System32\drivers\WudfPf.sys AED7FE551E8672B824A56324076183EB
C:\Windows\System32\drivers\WudfRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\System32\drivers\xboxgip.sys 59335CEA021FB89E07AD5DB5D17F09D0
C:\Windows\System32\drivers\xinputhid.sys 63088A3361D9A308F328F11E9099DD87
C:\Windows\System32\drivers\XtuAcpiDriver.sys DCF1C283860C3CAB0BF0A71528A0136C

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 10:35 - 2016-09-09 10:36 - 00051906 _____ C:\Users\User\Desktop\FRST.txt
2016-09-09 10:34 - 2016-09-09 10:35 - 02397696 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-09-09 10:34 - 2016-09-09 10:35 - 00000000 ____D C:\FRST
2016-09-08 15:47 - 2016-09-08 15:47 - 00064283 _____ C:\Users\User\Downloads\All Turf Limited_TransactionListbyCustomer.xlsx
2016-09-08 15:47 - 2016-09-08 15:47 - 00000165 ____H C:\Users\User\Downloads\~$All Turf Limited_TransactionListbyCustomer.xlsx
2016-09-08 11:48 - 2016-09-08 11:48 - 00017781 _____ C:\Users\User\Downloads\Transaction (49).pdf
2016-09-08 11:20 - 2016-09-09 10:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-08 11:20 - 2016-09-08 11:20 - 00001211 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-08 11:20 - 2016-09-08 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-08 11:20 - 2016-09-08 11:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-08 11:20 - 2016-09-08 11:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-08 11:20 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-08 11:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-08 11:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-08 11:19 - 2016-09-08 11:19 - 22851472 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-07 15:12 - 2016-09-07 15:12 - 00369405 _____ C:\Users\User\Documents\Trojan 15 Manual.pdf
2016-09-02 21:49 - 2016-09-02 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 12:31 - 2016-08-27 05:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-02 12:31 - 2016-08-27 05:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-02 12:31 - 2016-08-27 05:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-02 12:31 - 2016-08-27 05:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-02 12:31 - 2016-08-20 06:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-02 12:31 - 2016-08-20 06:34 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-02 12:31 - 2016-08-20 06:34 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-02 12:31 - 2016-08-20 06:33 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-02 12:31 - 2016-08-20 06:33 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-02 12:31 - 2016-08-20 06:29 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-02 12:31 - 2016-08-20 06:29 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-02 12:31 - 2016-08-20 06:29 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-02 12:31 - 2016-08-20 06:25 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-02 12:31 - 2016-08-20 06:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-02 12:31 - 2016-08-20 06:14 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-02 12:31 - 2016-08-20 06:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-02 12:31 - 2016-08-20 06:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-02 12:31 - 2016-08-20 06:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-02 12:31 - 2016-08-20 06:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-02 12:31 - 2016-08-20 06:07 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-02 12:31 - 2016-08-20 06:07 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-02 12:31 - 2016-08-20 06:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-02 12:31 - 2016-08-20 06:06 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-02 12:31 - 2016-08-20 06:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-02 12:31 - 2016-08-20 06:04 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-02 12:31 - 2016-08-20 06:04 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-02 12:31 - 2016-08-20 06:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-02 12:31 - 2016-08-20 06:03 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-02 12:31 - 2016-08-20 06:01 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-02 12:31 - 2016-08-20 06:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-02 12:31 - 2016-08-20 06:00 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-02 12:31 - 2016-08-20 06:00 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-02 12:31 - 2016-08-20 06:00 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-02 12:31 - 2016-08-20 05:59 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-02 12:31 - 2016-08-20 05:59 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-02 12:31 - 2016-08-20 05:59 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-02 12:31 - 2016-08-20 05:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-02 12:31 - 2016-08-20 05:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-02 12:31 - 2016-08-20 05:57 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-02 12:31 - 2016-08-20 05:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-02 12:31 - 2016-08-20 05:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-02 12:31 - 2016-08-20 05:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-02 12:31 - 2016-08-20 05:53 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-02 12:31 - 2016-08-20 05:52 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-02 12:31 - 2016-08-20 05:51 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-02 12:31 - 2016-08-20 05:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-02 12:31 - 2016-08-20 05:50 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-02 12:31 - 2016-08-20 05:49 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-02 12:31 - 2016-08-20 05:46 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-02 12:30 - 2016-08-27 10:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-02 12:30 - 2016-08-27 05:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-02 12:30 - 2016-08-20 07:26 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-02 12:30 - 2016-08-20 06:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-02 12:30 - 2016-08-20 06:32 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-02 12:30 - 2016-08-20 06:32 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-02 12:30 - 2016-08-20 06:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-02 12:30 - 2016-08-20 06:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-02 12:30 - 2016-08-20 06:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-02 12:30 - 2016-08-20 06:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-02 12:30 - 2016-08-20 06:09 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-02 12:30 - 2016-08-20 06:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-02 12:30 - 2016-08-20 06:05 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-02 12:30 - 2016-08-20 05:55 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-02 12:30 - 2016-08-20 05:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-02 12:30 - 2016-08-20 05:51 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-02 12:29 - 2016-08-27 06:12 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-02 12:29 - 2016-08-27 06:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-02 12:29 - 2016-08-27 05:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-02 12:29 - 2016-08-27 05:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-02 12:29 - 2016-08-27 05:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-02 12:29 - 2016-08-20 07:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-02 12:29 - 2016-08-20 07:04 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-02 12:29 - 2016-08-20 07:03 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-02 12:29 - 2016-08-20 07:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-02 12:29 - 2016-08-20 06:52 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-02 12:29 - 2016-08-20 06:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-02 12:29 - 2016-08-20 06:52 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-02 12:29 - 2016-08-20 06:52 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-02 12:29 - 2016-08-20 06:52 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-02 12:29 - 2016-08-20 06:52 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-02 12:29 - 2016-08-20 06:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-02 12:29 - 2016-08-20 06:51 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-02 12:29 - 2016-08-20 06:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-02 12:29 - 2016-08-20 06:47 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-02 12:29 - 2016-08-20 06:47 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-02 12:29 - 2016-08-20 06:47 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-02 12:29 - 2016-08-20 06:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-02 12:29 - 2016-08-20 06:42 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-02 12:29 - 2016-08-20 06:22 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-02 12:29 - 2016-08-20 06:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-02 12:29 - 2016-08-20 06:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-02 12:29 - 2016-08-20 06:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-02 12:29 - 2016-08-20 06:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-02 12:29 - 2016-08-20 06:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-02 12:29 - 2016-08-20 06:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-02 12:29 - 2016-08-20 06:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-02 12:29 - 2016-08-20 06:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-02 12:29 - 2016-08-20 06:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-02 12:29 - 2016-08-20 06:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-02 12:29 - 2016-08-20 06:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-02 12:29 - 2016-08-20 06:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-02 12:29 - 2016-08-20 06:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-02 12:29 - 2016-08-20 06:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-02 12:29 - 2016-08-20 06:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-02 12:29 - 2016-08-20 06:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-02 12:29 - 2016-08-20 06:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-02 12:29 - 2016-08-20 06:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-02 12:29 - 2016-08-20 06:17 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-02 12:29 - 2016-08-20 06:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-02 12:29 - 2016-08-20 06:16 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-02 12:29 - 2016-08-20 06:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-02 12:29 - 2016-08-20 06:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-02 12:29 - 2016-08-20 06:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-02 12:29 - 2016-08-20 06:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-02 12:29 - 2016-08-20 06:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-02 12:29 - 2016-08-20 06:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-02 12:29 - 2016-08-20 06:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-02 12:29 - 2016-08-20 06:13 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-02 12:29 - 2016-08-20 06:13 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-02 12:29 - 2016-08-20 06:12 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-02 12:29 - 2016-08-20 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-02 12:29 - 2016-08-20 06:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-02 12:29 - 2016-08-20 06:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-02 12:29 - 2016-08-20 06:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-02 12:29 - 2016-08-20 06:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-02 12:29 - 2016-08-20 06:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-02 12:29 - 2016-08-20 06:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-02 12:29 - 2016-08-20 06:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-02 12:29 - 2016-08-20 06:09 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-02 12:29 - 2016-08-20 06:09 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-02 12:29 - 2016-08-20 06:09 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-02 12:29 - 2016-08-20 06:08 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-02 12:29 - 2016-08-20 06:08 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-02 12:29 - 2016-08-20 06:08 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-02 12:29 - 2016-08-20 06:08 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-02 12:29 - 2016-08-20 06:07 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-02 12:29 - 2016-08-20 06:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-02 12:29 - 2016-08-20 06:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-02 12:29 - 2016-08-20 06:04 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-02 12:29 - 2016-08-20 06:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-02 12:29 - 2016-08-20 06:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-02 12:29 - 2016-08-20 06:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-02 12:29 - 2016-08-20 06:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-02 12:29 - 2016-08-20 06:02 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-02 12:29 - 2016-08-20 06:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-02 12:29 - 2016-08-20 06:00 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-02 12:29 - 2016-08-20 05:59 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-02 12:29 - 2016-08-20 05:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-02 12:29 - 2016-08-20 05:57 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-02 12:29 - 2016-08-20 05:57 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-02 12:29 - 2016-08-20 05:56 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-02 12:29 - 2016-08-20 05:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-02 12:29 - 2016-08-20 05:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-02 12:29 - 2016-08-20 05:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-02 12:29 - 2016-08-20 05:53 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-02 12:29 - 2016-08-20 05:53 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-02 12:29 - 2016-08-19 02:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-02 12:28 - 2016-08-27 13:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-02 12:28 - 2016-08-27 05:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-02 12:28 - 2016-08-20 07:13 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-02 12:28 - 2016-08-20 07:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-02 12:28 - 2016-08-20 07:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-02 12:28 - 2016-08-20 07:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-02 12:28 - 2016-08-20 07:04 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-02 12:28 - 2016-08-20 07:04 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-02 12:28 - 2016-08-20 06:52 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-02 12:28 - 2016-08-20 06:50 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-02 12:28 - 2016-08-20 06:50 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-02 12:28 - 2016-08-20 06:50 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-02 12:28 - 2016-08-20 06:50 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-02 12:28 - 2016-08-20 06:50 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-02 12:28 - 2016-08-20 06:50 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-02 12:28 - 2016-08-20 06:50 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-02 12:28 - 2016-08-20 06:50 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-02 12:28 - 2016-08-20 06:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-02 12:28 - 2016-08-20 06:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-02 12:28 - 2016-08-20 06:12 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-02 12:28 - 2016-08-20 06:12 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-02 12:28 - 2016-08-20 06:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-02 12:28 - 2016-08-20 06:10 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-02 12:28 - 2016-08-20 06:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-02 12:28 - 2016-08-20 06:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-02 12:28 - 2016-08-20 06:05 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-02 12:28 - 2016-08-20 06:03 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-02 12:28 - 2016-08-20 05:59 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-02 12:28 - 2016-08-20 05:59 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-02 12:28 - 2016-08-20 05:57 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-02 12:28 - 2016-08-20 05:56 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-02 12:28 - 2016-08-20 05:56 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-01 15:17 - 2016-09-01 15:18 - 00003481 _____ C:\Users\User\Desktop\Customer database.lnk
2016-09-01 13:41 - 2016-09-01 13:41 - 03225042 _____ C:\Users\User\Downloads\Helmshore_PDR_Information.pdf
2016-08-30 12:32 - 2016-08-30 12:32 - 01856552 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue (9).exe
2016-08-30 10:00 - 2016-08-30 10:00 - 00019778 _____ C:\Users\User\Downloads\Transaction (48).pdf
2016-08-30 09:42 - 2016-08-30 09:42 - 00001858 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-30 09:42 - 2016-08-30 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-30 09:42 - 2016-08-30 09:42 - 00000000 ____D C:\Program Files\iTunes
2016-08-30 09:42 - 2016-08-30 09:42 - 00000000 ____D C:\Program Files\iPod
2016-08-30 09:42 - 2016-08-30 09:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-25 18:51 - 2016-08-25 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 18:47 - 2016-08-25 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-25 18:47 - 2016-08-25 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-25 18:36 - 2016-08-25 18:36 - 00300548 _____ C:\Users\User\Downloads\BoardingPass (2).pdf
2016-08-25 15:13 - 2016-08-25 15:13 - 00169656 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00148008 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00076568 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BGLsp.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00061720 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BGLsp.dll
2016-08-25 11:35 - 2016-08-25 11:35 - 00000000 ____D C:\Users\User\AppData\LocalLow\Adobe
2016-08-25 11:35 - 2016-08-25 11:35 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-08-25 11:34 - 2016-08-25 11:36 - 00000000 ____D C:\ProgramData\Adobe
2016-08-25 11:34 - 2016-08-25 11:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-25 11:34 - 2016-08-25 11:34 - 00002132 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-08-25 11:34 - 2016-08-25 11:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-25 11:29 - 2016-08-25 11:29 - 141015434 _____ C:\Users\User\Downloads\AdbeRdr11000_mui_Std.zip
2016-08-24 13:37 - 2016-08-06 05:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-08-24 13:37 - 2016-08-06 05:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-08-24 13:37 - 2016-08-06 05:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-08-24 13:37 - 2016-08-06 05:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-08-24 13:37 - 2016-08-06 05:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-24 13:37 - 2016-08-06 05:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-24 13:37 - 2016-08-06 04:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-08-24 13:37 - 2016-08-06 04:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-08-24 13:37 - 2016-08-06 04:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-08-24 13:37 - 2016-08-06 04:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-08-24 13:37 - 2016-08-06 04:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-08-24 13:37 - 2016-08-05 10:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-08-24 13:37 - 2016-08-05 10:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-24 13:37 - 2016-08-05 10:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-08-24 13:37 - 2016-08-05 10:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-08-24 13:37 - 2016-08-05 09:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-08-24 13:37 - 2016-08-05 09:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-08-24 13:37 - 2016-08-05 09:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-08-24 13:36 - 2016-08-06 05:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-24 13:36 - 2016-08-06 05:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-08-24 13:36 - 2016-08-06 05:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-08-24 13:36 - 2016-08-06 05:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-24 13:36 - 2016-08-06 05:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-24 13:36 - 2016-08-06 05:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-24 13:36 - 2016-08-06 05:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-08-24 13:36 - 2016-08-06 05:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-08-24 13:36 - 2016-08-06 05:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-24 13:36 - 2016-08-06 05:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-08-24 13:36 - 2016-08-06 05:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-08-24 13:36 - 2016-08-06 05:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-08-24 13:36 - 2016-08-06 05:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-08-24 13:36 - 2016-08-06 05:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-08-24 13:36 - 2016-08-06 05:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-24 13:36 - 2016-08-06 05:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-08-24 13:36 - 2016-08-06 05:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-24 13:36 - 2016-08-06 05:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-24 13:36 - 2016-08-06 05:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-24 13:36 - 2016-08-06 05:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-08-24 13:36 - 2016-08-06 05:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-24 13:36 - 2016-08-06 05:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-08-24 13:36 - 2016-08-06 05:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-24 13:36 - 2016-08-06 05:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-08-24 13:36 - 2016-08-06 05:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-08-24 13:36 - 2016-08-06 05:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-08-24 13:36 - 2016-08-06 05:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-08-24 13:36 - 2016-08-06 05:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-08-24 13:36 - 2016-08-06 05:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-08-24 13:36 - 2016-08-06 05:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-24 13:36 - 2016-08-06 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-08-24 13:36 - 2016-08-06 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-08-24 13:36 - 2016-08-06 04:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-08-24 13:36 - 2016-08-06 04:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-08-24 13:36 - 2016-08-06 04:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-08-24 13:36 - 2016-08-06 04:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-08-24 13:36 - 2016-08-06 04:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-08-24 13:36 - 2016-08-06 04:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-08-24 13:36 - 2016-08-06 04:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-08-24 13:36 - 2016-08-06 04:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-08-24 13:36 - 2016-08-06 04:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-08-24 13:36 - 2016-08-06 04:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-08-24 13:36 - 2016-08-06 04:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-08-24 13:36 - 2016-08-06 04:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-08-24 13:36 - 2016-08-06 04:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-08-24 13:36 - 2016-08-06 04:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-08-24 13:36 - 2016-08-06 04:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-08-24 13:36 - 2016-08-06 04:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-08-24 13:36 - 2016-08-06 04:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-08-24 13:36 - 2016-08-06 04:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-08-24 13:36 - 2016-08-06 04:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-08-24 13:36 - 2016-08-06 04:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-08-24 13:36 - 2016-08-06 04:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-08-24 13:36 - 2016-08-06 04:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-08-24 13:36 - 2016-08-06 04:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-08-24 13:36 - 2016-08-06 04:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-08-24 13:36 - 2016-08-06 04:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-08-24 13:36 - 2016-08-06 04:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-08-24 13:36 - 2016-08-06 04:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-08-24 13:36 - 2016-08-06 04:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-08-24 13:36 - 2016-08-06 04:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-08-24 13:36 - 2016-08-06 04:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-08-24 13:36 - 2016-08-06 04:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-08-24 13:36 - 2016-08-06 04:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-08-24 13:36 - 2016-08-06 04:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-08-24 13:36 - 2016-08-06 04:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-24 13:36 - 2016-08-06 04:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-24 13:36 - 2016-08-06 04:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-08-24 13:36 - 2016-08-06 04:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-08-24 13:36 - 2016-08-06 04:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-08-24 13:36 - 2016-08-06 04:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-08-24 13:36 - 2016-08-06 04:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-08-24 13:36 - 2016-08-06 04:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-08-24 13:36 - 2016-08-06 04:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-24 13:36 - 2016-08-06 04:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-24 13:36 - 2016-08-06 04:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-08-24 13:36 - 2016-08-06 04:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-08-24 13:36 - 2016-08-06 04:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-08-24 13:36 - 2016-08-06 04:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-08-24 13:36 - 2016-08-06 04:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-08-24 13:36 - 2016-08-06 04:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-08-24 13:36 - 2016-08-06 04:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-24 13:36 - 2016-08-06 04:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-24 13:36 - 2016-08-06 04:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-24 13:36 - 2016-08-06 04:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-08-24 13:36 - 2016-08-06 04:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-08-24 13:36 - 2016-08-06 04:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-24 13:36 - 2016-08-06 04:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-08-24 13:36 - 2016-08-06 04:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-08-24 13:36 - 2016-08-06 04:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-08-24 13:36 - 2016-08-06 04:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-24 13:36 - 2016-08-06 04:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-24 13:36 - 2016-08-06 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-08-24 13:36 - 2016-08-06 04:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-24 13:36 - 2016-08-06 04:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-08-24 13:36 - 2016-08-06 04:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-08-24 13:36 - 2016-08-06 04:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-08-24 13:36 - 2016-08-06 04:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-08-24 13:36 - 2016-08-06 04:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-08-24 13:36 - 2016-08-06 04:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-08-24 13:36 - 2016-08-06 04:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-08-24 13:36 - 2016-08-06 04:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-24 13:36 - 2016-08-06 04:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-24 13:36 - 2016-08-06 04:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-08-24 13:36 - 2016-08-06 04:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-24 13:36 - 2016-08-06 04:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-24 13:36 - 2016-08-06 04:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-24 13:36 - 2016-08-06 04:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-08-24 13:36 - 2016-08-06 04:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-24 13:36 - 2016-08-06 04:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-24 13:36 - 2016-08-06 04:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-24 13:36 - 2016-08-06 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-08-24 13:36 - 2016-08-06 04:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-08-24 13:36 - 2016-08-06 04:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-08-24 13:36 - 2016-08-06 04:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-08-24 13:36 - 2016-08-06 04:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-24 13:36 - 2016-08-06 04:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-24 13:36 - 2016-08-05 09:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-08-24 13:36 - 2016-08-05 09:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-08-24 13:36 - 2016-08-05 09:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-08-24 13:36 - 2016-08-05 09:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-08-24 13:36 - 2016-08-05 09:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-08-23 14:43 - 2016-08-23 14:43 - 01856552 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue (8).exe
2016-08-23 14:19 - 2016-08-23 14:19 - 01856552 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue (7).exe
2016-08-23 12:57 - 2016-08-23 12:57 - 00022353 _____ C:\Users\User\Downloads\Transaction (47).pdf
2016-08-22 19:19 - 2016-08-29 09:49 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-22 19:16 - 2016-08-22 19:16 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-22 19:16 - 2016-08-22 19:16 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-22 19:16 - 2016-08-22 19:16 - 00000000 ____D C:\Program Files\CMAK
2016-08-22 19:16 - 2016-08-22 19:16 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-22 19:14 - 2016-08-22 19:14 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-22 19:12 - 2016-08-22 19:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-22 19:12 - 2016-08-22 19:12 - 00000000 ____D C:\Program Files\MSBuild
2016-08-22 19:12 - 2016-08-22 19:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-22 19:12 - 2016-08-22 19:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-22 19:12 - 2016-05-25 23:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-22 19:12 - 2016-05-25 23:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-22 19:12 - 2016-05-25 23:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-22 19:12 - 2016-05-25 20:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-22 19:12 - 2016-05-25 20:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-22 19:12 - 2016-05-25 20:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-22 10:53 - 2016-08-22 10:54 - 00000000 ____D C:\Users\User\AppData\Local\Foxit Reader
2016-08-22 10:47 - 2016-08-22 10:47 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-22 10:46 - 2016-08-22 10:46 - 00000000 ____D C:\ProgramData\USOShared
2016-08-22 10:45 - 2016-08-22 10:46 - 00000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2016-08-22 10:45 - 2016-08-22 10:45 - 00000020 ___SH C:\Users\User\ntuser.ini
2016-08-22 10:45 - 2016-08-22 10:45 - 00000000 ____D C:\Users\User\AppData\Local\Comms
2016-08-22 10:40 - 2016-09-08 15:00 - 00000356 _____ C:\WINDOWS\system32\config\afw_hm.conf
2016-08-22 10:40 - 2016-09-08 15:00 - 00000004 _____ C:\WINDOWS\system32\config\afw_db.conf
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-22 10:40 - 2016-08-22 10:40 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-22 10:38 - 2016-08-22 10:39 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-22 10:38 - 2016-08-22 10:39 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-22 10:36 - 2016-09-08 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-22 10:36 - 2016-08-22 10:36 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-22 10:36 - 2016-08-22 10:36 - 00003450 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-22 10:36 - 2016-08-22 10:36 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-22 10:36 - 2016-08-22 10:36 - 00003308 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B50A4829-9A97-43BC-A96B-48FBE93FFA74}
2016-08-22 10:36 - 2016-08-22 10:36 - 00003226 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-22 10:36 - 2016-08-22 10:36 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-22 10:36 - 2016-08-22 10:36 - 00003126 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
2016-08-22 10:36 - 2016-08-22 10:36 - 00002798 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-08-22 10:36 - 2016-08-22 10:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\BullGuard
2016-08-22 10:36 - 2016-08-22 10:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-22 10:31 - 2016-08-22 10:31 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-22 10:31 - 2016-08-22 10:31 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-22 10:31 - 2016-08-22 10:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-22 10:27 - 2016-08-22 10:31 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-22 10:25 - 2016-08-22 10:25 - 00000000 _SHDL C:\Users\User\My Documents
2016-08-22 10:25 - 2016-08-22 10:25 - 00000000 _SHDL C:\Users\User\Documents\My Videos
2016-08-22 10:25 - 2016-08-22 10:25 - 00000000 _SHDL C:\Users\User\Documents\My Pictures
2016-08-22 10:25 - 2016-08-22 10:25 - 00000000 _SHDL C:\Users\User\Documents\My Music
2016-08-22 10:22 - 2016-09-08 15:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-22 10:22 - 2016-08-22 10:22 - 00000568 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-22 10:22 - 2016-08-22 10:22 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-22 10:22 - 2016-08-22 10:22 - 00000000 ____D C:\Program Files\Intel
2016-08-22 10:22 - 2016-08-22 10:22 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-22 10:22 - 2016-08-22 09:25 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-22 10:21 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-22 10:20 - 2016-09-09 10:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-22 10:20 - 2016-09-02 20:45 - 00350848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-22 10:20 - 2016-08-22 10:20 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-22 09:25 - 2016-08-22 09:25 - 39862976 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 38902400 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 34821952 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 33477440 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 29102216 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 19862152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 15488544 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 14615072 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 13619848 _____ (Intel Corporation) C:\WINDOWS\system32\ig9icd64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 13483232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 11921664 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 10316936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig9icd32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 07946328 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2016-08-22 09:25 - 2016-08-22 09:25 - 06695832 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 05799386 _____ C:\WINDOWS\system32\igdclbif.bin
2016-08-22 09:25 - 2016-08-22 09:25 - 05689480 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 05234312 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 05139576 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 04937352 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 04366472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 04247192 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 04214680 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 03972232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 02813952 _____ C:\WINDOWS\system32\iglhxa64.cpa
2016-08-22 09:25 - 2016-08-22 09:25 - 02063496 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01897096 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01817360 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01814704 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01813392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01591432 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01470544 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 01179272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00967256 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00963680 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00818898 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2016-08-22 09:25 - 2016-08-22 09:25 - 00757896 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00644696 _____ (Intel Corporation) C:\WINDOWS\system32\igfxSDK.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00641530 _____ C:\WINDOWS\system32\FilmModeDetection.wmv
2016-08-22 09:25 - 2016-08-22 09:25 - 00633480 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00537184 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00511260 _____ C:\WINDOWS\system32\cp_resources.bin
2016-08-22 09:25 - 2016-08-22 09:25 - 00467544 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00449112 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00439944 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00416904 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00403671 _____ C:\WINDOWS\system32\ImageStabilization.wmv
2016-08-22 09:25 - 2016-08-22 09:25 - 00402520 _____ C:\WINDOWS\system32\igfxTray.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00397448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00390792 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00389256 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00375173 _____ C:\WINDOWS\system32\ColorImageEnhancement.wmv
2016-08-22 09:25 - 2016-08-22 09:25 - 00374360 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00355424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00350824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00319112 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00312944 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00302168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00297808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00274056 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-08-22 09:25 - 2016-08-22 09:25 - 00269400 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00266888 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00255624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00242800 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00237656 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00233048 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00232536 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00225928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00223888 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00210056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4474.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00206000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00193672 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00184624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00183600 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00182480 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00175704 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2016-08-22 09:25 - 2016-08-22 09:25 - 00174216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00160912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00160904 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00112264 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00104072 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00101512 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00095880 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00085120 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00063840 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\XtuAcpiDriver.sys
2016-08-22 09:25 - 2016-08-22 09:25 - 00055888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00053384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00041296 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00040931 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00040343 _____ C:\WINDOWS\system32\iglhxo64.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00040316 _____ C:\WINDOWS\system32\iglhxc64.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00039798 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00039658 _____ C:\WINDOWS\system32\iglhxg64.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00029832 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00029832 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00028296 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00028296 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00023176 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00023176 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00004842 _____ C:\WINDOWS\system32\iglhxs64.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00001125 _____ C:\WINDOWS\system32\iglhxa64.vp
2016-08-22 09:25 - 2016-08-22 09:25 - 00000935 _____ C:\WINDOWS\system32\Gfxv4_0.exe.config
2016-08-22 09:25 - 2016-08-22 09:25 - 00000935 _____ C:\WINDOWS\system32\DPTopologyApp.exe.config
2016-08-22 09:25 - 2016-08-22 09:25 - 00000895 _____ C:\WINDOWS\system32\Gfxv2_0.exe.config
2016-08-22 09:25 - 2016-08-22 09:25 - 00000895 _____ C:\WINDOWS\system32\DPTopologyAppv2_0.exe.config
2016-08-16 12:19 - 2016-08-16 12:19 - 00024633 _____ C:\Users\User\Downloads\Transaction (46).pdf
2016-08-16 11:13 - 2016-08-16 11:13 - 00047711 _____ C:\Users\User\Downloads\RyanairBoardingPass-SQ22HW_MLA-LPL.pdf
2016-08-15 09:57 - 2016-08-22 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-08-15 09:57 - 2016-08-15 09:57 - 00000000 ____D C:\Program Files\Classic Shell
2016-08-15 09:53 - 2016-08-15 09:53 - 07220496 _____ (IvoSoft) C:\Users\User\Downloads\ClassicShellSetup_4_3_0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 10:36 - 2016-03-19 01:37 - 00000000 ____D C:\ProgramData\BullGuard
2016-09-09 10:32 - 2016-03-19 01:30 - 00000000 ____D C:\Users\User\AppData\Local\ClassicShell
2016-09-09 10:26 - 2016-04-18 15:30 - 00000000 ___RD C:\Users\User\Google Drive
2016-09-09 09:37 - 2016-03-19 22:14 - 00000000 ____D C:\Users\User\Documents\Outlook
2016-09-09 08:34 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-09 08:34 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-08 15:47 - 2016-03-19 01:17 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-09-08 15:06 - 2016-03-19 01:20 - 01051154 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-08 15:02 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-08 15:02 - 2016-03-29 11:00 - 00000000 ___RD C:\Users\User\Dropbox
2016-09-08 15:01 - 2016-03-19 01:22 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2016-09-08 14:59 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-09-07 15:13 - 2016-03-19 14:53 - 165990400 ____R C:\Users\User\Documents\All Turf Limited 2012.QBW
2016-09-07 15:13 - 2016-03-19 14:53 - 05832704 ____R C:\Users\User\Documents\All Turf Limited 2012.QBW.TLG
2016-09-07 15:13 - 2016-03-19 14:53 - 00000351 _____ C:\Users\User\Documents\All Turf Limited 2012.QBW.ND
2016-09-07 15:01 - 2016-03-19 14:54 - 00000000 ____D C:\Users\User\Documents\All Turf Limited 2012.QBW.SearchIndex
2016-09-07 13:08 - 2016-07-27 12:20 - 00000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
2016-09-07 07:51 - 2016-03-19 14:54 - 00000000 ____D C:\Users\User\Documents\QuickBooksAutoDataRecovery
2016-09-05 10:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-02 21:49 - 2016-03-19 01:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-02 20:47 - 2016-03-19 01:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-02 18:25 - 2016-07-16 15:24 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-02 18:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-09-02 12:51 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 10:33 - 2016-07-16 12:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-09-01 10:33 - 2016-07-16 12:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-09-01 10:33 - 2016-07-16 12:43 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-09-01 10:33 - 2016-07-16 12:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-09-01 10:33 - 2016-07-16 12:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-01 10:33 - 2016-07-16 12:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-09-01 10:33 - 2016-07-16 12:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-09-01 10:33 - 2016-07-16 12:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-09-01 10:33 - 2016-07-16 12:42 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-09-01 10:33 - 2016-07-16 12:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-09-01 10:33 - 2016-07-16 12:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-01 10:33 - 2016-07-16 12:42 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-09-01 10:33 - 2016-07-16 12:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-01 10:32 - 2016-07-16 12:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-01 10:32 - 2016-07-16 12:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-01 10:32 - 2016-07-16 12:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-09-01 10:32 - 2016-07-16 12:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-01 10:32 - 2016-07-16 12:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-30 17:56 - 2016-05-09 11:09 - 00000000 ____D C:\Users\Public\Documents\Winstep
2016-08-30 09:42 - 2016-03-19 01:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-26 10:05 - 2016-03-19 22:01 - 00000000 ____D C:\IRIS Payroll
2016-08-26 06:43 - 2016-07-16 12:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-08-26 06:43 - 2016-07-16 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-25 19:45 - 2016-03-19 01:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-25 19:45 - 2016-03-19 01:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-25 18:49 - 2016-03-19 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-25 11:35 - 2016-03-19 01:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2016-08-24 17:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-23 07:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-22 19:19 - 2016-07-16 12:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-22 19:15 - 2016-07-16 15:13 - 00000000 ____D C:\WINDOWS\OCR
2016-08-22 10:48 - 2016-03-19 01:19 - 00002400 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 10:48 - 2016-03-19 01:19 - 00000000 ___RD C:\Users\User\OneDrive
2016-08-22 10:46 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-22 10:40 - 2016-03-19 01:41 - 00000674 __RSH C:\ProgramData\ntuser.pol
2016-08-22 10:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-22 10:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-22 10:38 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-22 10:35 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-22 10:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-22 10:31 - 2016-05-23 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All Orders
2016-08-22 10:31 - 2016-05-23 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
2016-08-22 10:31 - 2016-05-09 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winstep
2016-08-22 10:31 - 2016-04-18 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-22 10:31 - 2016-04-01 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IRIS Payroll Business
2016-08-22 10:31 - 2016-03-19 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-08-22 10:31 - 2016-03-19 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-08-22 10:31 - 2016-03-19 01:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BullGuard
2016-08-22 10:31 - 2016-03-19 01:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2016-08-22 10:31 - 2016-03-19 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-08-22 10:31 - 2016-03-19 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-08-22 10:31 - 2016-03-19 01:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-22 10:31 - 2016-03-19 01:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-22 10:31 - 2016-03-19 01:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-22 10:31 - 2016-03-19 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-22 10:31 - 2016-03-19 01:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-08-22 10:31 - 2015-07-10 14:29 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-22 10:31 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2016-08-22 10:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-08-22 10:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-22 10:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-22 10:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-22 10:28 - 2016-06-13 09:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-22 10:28 - 2016-03-19 01:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-08-22 10:27 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-22 10:27 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-22 10:27 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-22 10:27 - 2016-03-19 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-22 10:27 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-22 10:26 - 2016-07-27 12:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2016-08-22 10:25 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-22 10:22 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-22 10:22 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-22 09:49 - 2016-03-19 01:32 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-22 09:42 - 2016-03-19 01:37 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-22 09:36 - 2016-03-19 01:37 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-22 09:36 - 2016-03-19 01:32 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-22 09:25 - 2016-07-16 15:24 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-08-19 19:18 - 2016-03-19 14:58 - 00013504 _____ C:\WINDOWS\BRRBCOM.INI
2016-08-15 13:02 - 2016-03-19 01:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-15 12:57 - 2016-03-19 01:51 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-15 09:52 - 2016-03-19 01:32 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-07-27 17:39 - 2016-07-28 15:15 - 0022901 _____ () C:\Users\User\AppData\Roaming\Comma Separated Values.ADR
2016-07-27 17:27 - 2016-07-27 17:28 - 0007027 _____ () C:\Users\User\AppData\Roaming\Comma Separated Values.EML

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {b76e8d7e-eda8-11e5-8c08-e49d365c11a9}
                        {b76e8d7f-eda8-11e5-8c08-e49d365c11a9}
timeout                 1

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {b76e8d86-eda8-11e5-8c08-e49d365c11a9}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {b76e8d7e-eda8-11e5-8c08-e49d365c11a9}
description             CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {b76e8d7f-eda8-11e5-8c08-e49d365c11a9}
description             Hard Drive

Windows Boot Loader
-------------------
identifier              {b76e8d83-eda8-11e5-8c08-e49d365c11a9}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{b76e8d84-eda8-11e5-8c08-e49d365c11a9}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{b76e8d84-eda8-11e5-8c08-e49d365c11a9}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {b76e8d88-eda8-11e5-8c08-e49d365c11a9}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {b76e8d86-eda8-11e5-8c08-e49d365c11a9}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {b76e8d88-eda8-11e5-8c08-e49d365c11a9}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{b76e8d89-eda8-11e5-8c08-e49d365c11a9}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{b76e8d89-eda8-11e5-8c08-e49d365c11a9}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {b76e8d81-eda8-11e5-8c08-e49d365c11a9}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {b76e8d83-eda8-11e5-8c08-e49d365c11a9}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {b76e8d86-eda8-11e5-8c08-e49d365c11a9}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {b76e8d88-eda8-11e5-8c08-e49d365c11a9}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {b76e8d84-eda8-11e5-8c08-e49d365c11a9}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {b76e8d85-eda8-11e5-8c08-e49d365c11a9}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {b76e8d89-eda8-11e5-8c08-e49d365c11a9}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2016-09-08 10:43

==================== End of FRST.txt ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by User (09-09-2016 10:36:41)
Running from C:\Users\User\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-08-22 09:40:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2347456373-1113129142-1104710265-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2347456373-1113129142-1104710265-503 - Limited - Disabled)
Doug (S-1-5-21-2347456373-1113129142-1104710265-1006 - Limited - Enabled)
Guest (S-1-5-21-2347456373-1113129142-1104710265-501 - Limited - Disabled)
User (S-1-5-21-2347456373-1113129142-1104710265-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
All Orders64 (HKLM-x32\...\InstallShield_{70058C98-9D5D-48C0-AC7E-2E6EFDBC1733}) (Version:  - )
All Orders64 (Version: 6.2.3 - NumberCruncher.com, Inc.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.1 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\{8B441F7D-FAE4-3F66-BB1D-430B2F76423B}) (Version: 49.0.2623.87 - Google, Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IRIS Payroll Business (HKLM-x32\...\InstallShield_{C1DB6793-0705-4E98-8E64-39750262D783}) (Version: 2.15.56.0 - IRIS Software Ltd)
IRIS Payroll Business (x32 Version: 2.15.56.0 - IRIS Software Ltd) Hidden
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
K-Lite Codec Pack 12.0.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.1 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{B6C87B73-79A5-401A-A12A-4DD96EC40442}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MindMaster (HKLM-x32\...\{D5A2C78C-5D8F-40D2-A130-7696D4F22953}) (Version: 2.2.9 - MindMaster)
Nexus 16.3 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
QuickBooks (x32 Version: 24.0.4009.2403 - Intuit Limited) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4009.2403 - Intuit Limited)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2347456373-1113129142-1104710265-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {004714CD-90F5-4062-9831-1B0F00B23464} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2016-08-25] (BullGuard Ltd.)
Task: {01C7238A-8420-4F1E-BE1A-DA63E5ACA932} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {34058A02-CFA4-445E-9FDA-1F364A9DD497} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {3EF80CAA-A044-49BE-9F86-8003034771F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-19] (Google Inc.)
Task: {6EE21BAE-96F3-4A75-A651-9881D94561BF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-02] ()
Task: {7BB1EFF4-91D2-4CB0-B50A-5CB98289484F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A2D91315-E4F3-46FA-A388-E9FCC3CCDBA4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-19] (Dropbox, Inc.)
Task: {A411A6D7-7A62-4A83-8C05-F7C5CEF54E46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-19] (Dropbox, Inc.)
Task: {A50E46A1-662B-4D5B-AD63-846927735C5C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {AB12DF99-4420-41E0-B060-D5F447D3EF83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-19] (Google Inc.)
Task: {F9AA63F1-58BF-401C-848C-A5915B59B80D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2016-03-19 14:58 - 2005-04-22 05:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-08-22 09:25 - 2016-08-22 09:25 - 00402520 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-22 10:48 - 2016-08-22 10:48 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 12:43 - 2016-09-01 10:33 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 12:43 - 2016-09-01 10:33 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-07-16 12:43 - 2016-09-01 10:33 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-02 12:28 - 2016-08-20 05:54 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 12:43 - 2016-09-01 10:33 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 12:43 - 2016-09-01 10:33 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-02 12:28 - 2016-08-20 05:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-02 12:28 - 2016-08-20 05:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-25 15:13 - 2016-08-25 15:13 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2016-08-30 07:10 - 2016-08-30 07:10 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-30 07:10 - 2016-08-30 07:10 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-30 07:10 - 2016-08-30 07:10 - 35288064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-25 07:09 - 2016-08-25 07:09 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-08-15 09:52 - 2016-08-03 00:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-15 09:52 - 2016-08-03 00:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-07-30 04:32 - 2015-07-30 04:32 - 02210480 _____ () C:\Program Files\Microsoft Office\Office16\tmpod.dll
2015-07-31 10:58 - 2015-07-31 10:58 - 01455784 _____ () C:\Program Files\Microsoft Office\Office16\ADDINS\UmOutlookAddin.dll
2016-08-16 08:59 - 2016-08-16 08:59 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 08:59 - 2016-08-16 08:59 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-16 08:59 - 2016-08-16 08:59 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-19 02:01 - 2016-03-19 02:01 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-08-15 09:51 - 2016-08-03 00:04 - 31541952 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
2016-07-12 06:21 - 2016-07-12 06:21 - 08911552 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-19 14:57 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-05-09 11:11 - 2012-06-08 19:40 - 01086176 _____ () C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
2016-03-19 01:37 - 2016-08-06 04:21 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-02 21:49 - 2016-08-06 04:21 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-09-02 21:49 - 2016-08-06 04:22 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-09-02 21:49 - 2016-08-06 04:21 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-03-19 01:37 - 2016-08-06 04:21 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-03-19 01:37 - 2016-08-06 04:21 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-03-19 01:37 - 2016-08-06 04:21 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-03-19 01:37 - 2016-08-06 04:22 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 09:44 - 2016-08-30 22:38 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-09-02 21:49 - 2016-08-06 04:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-09-02 21:49 - 2016-08-06 04:24 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 09:44 - 2016-08-30 22:38 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-03-19 01:37 - 2016-08-06 04:25 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-03-19 01:37 - 2016-08-06 04:21 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-06 09:44 - 2016-08-06 04:22 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-03-19 01:37 - 2016-08-06 04:25 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-03-19 01:37 - 2016-08-30 22:38 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-09-02 21:49 - 2016-08-06 04:18 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-09-02 21:49 - 2016-08-30 22:38 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-09-02 21:49 - 2016-08-30 22:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-09-02 21:49 - 2016-08-30 22:38 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-09-02 21:49 - 2016-08-30 22:38 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-03-19 01:37 - 2016-08-06 04:22 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 09:44 - 2016-08-30 22:38 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-03-19 01:37 - 2016-08-06 04:24 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-16 03:40 - 2016-08-30 22:38 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-06 09:44 - 2016-08-30 22:38 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-09-02 21:49 - 2016-08-30 22:38 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-09-02 21:49 - 2016-08-06 04:29 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-09-02 21:49 - 2016-08-06 04:31 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-03-19 01:37 - 2016-08-06 04:34 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-08 15:02 - 2016-09-08 15:02 - 00098816 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32api.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00110080 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\pywintypes27.dll
2016-09-08 15:02 - 2016-09-08 15:02 - 00364544 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\pythoncom27.dll
2016-09-08 15:02 - 2016-09-08 15:02 - 00320512 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32com.shell.shell.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00776704 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_hashlib.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 01176576 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._core_.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00806400 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._gdi_.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00816128 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._windows_.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 01067008 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._controls_.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00733184 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._misc_.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00682496 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\pysqlite2._sqlite.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_ctypes.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00119808 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32file.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00108544 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32security.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00007168 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\hashobjs_ext.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00017920 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\thumbnails_ext.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\usb_ext.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00012800 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\common.time34.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00018432 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32event.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00167936 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32gui.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00046080 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_socket.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 01208320 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_ssl.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00128512 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_elementtree.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00127488 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\pyexpat.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00038912 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32inet.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00036864 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_psutil_windows.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00525208 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\windows._lib_cacheinvalidation.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00011264 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32crypt.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00077312 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._html2.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00027136 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_multiprocessing.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00020480 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\_yappi.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00035840 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32process.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00686080 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\unicodedata.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00078848 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._animate.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00123392 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\wx._wizard.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00024064 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32pipe.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00010240 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\select.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00025600 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32pdh.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00017408 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32profile.pyd
2016-09-08 15:02 - 2016-09-08 15:02 - 00022528 ____R () C:\Users\User\AppData\Local\Temp\_MEI69482\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\brother.co.uk -> hxxp://www.brother.co.uk

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2347456373-1113129142-1104710265-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A1A09367-6E81-471D-8B82-5B16CC58BC10}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E1B2E011-A700-41AA-98EC-90B32F8B72DA}] => (Allow) LPort=61147
FirewallRules: [UDP Query User{C5CEE190-3EF7-423F-9BCC-B9496EE5B8D8}C:\users\user\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\user\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{E949C880-E659-4BE2-B359-BB4CED3E5B6F}C:\users\user\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\user\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{A006BC26-8395-4F6D-A7EE-EB9AFBA0BCDD}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{C32546FF-0E71-4AB4-A652-F9E97DC5C6BB}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{841428A1-7CB0-4269-A9F3-0B5CAA8F2CA8}] => (Allow) LPort=54925
FirewallRules: [{0ABE4E83-DA4B-4CEE-8FDE-420C55FB3EAD}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{469E49A2-4B87-4B6E-9807-1A4370E34039}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F73DBED-E8DB-4FBA-92B6-DDD9DD3AF991}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE700E8B-5714-4DCC-8807-6957247E6890}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA4FBEB7-854D-4CD1-91C3-632457B8D47B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B25896AD-EA34-4F49-80BC-7AFE88B99232}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{472F2675-4105-449B-B892-294A939AD4B1}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{C43BA890-F623-4DF9-A224-9133E83085E8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{098051F4-3286-45EB-9AB0-EC4851A38298}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{54BCCFD3-2124-45DA-AFF5-CD09BBEE9442}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{2FEFFFDA-E5D1-4629-8752-2F6EF1826649}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{801E9823-010A-4EAC-B683-12DA34434B2D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

01-09-2016 10:45:40 Windows Update
08-09-2016 13:44:19 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2016 10:09:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

Error: (09/09/2016 08:09:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/09/2016 01:38:00 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/09/2016 01:37:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLTURF1)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/08/2016 10:32:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

Error: (09/08/2016 10:31:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

Error: (09/08/2016 08:32:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/08/2016 07:01:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

Error: (09/08/2016 05:01:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

Error: (09/08/2016 03:02:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (09/08/2016 06:04:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 03:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 03:00:10 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (09/08/2016 02:59:20 PM) (Source: DCOM) (EventID: 10010) (User: ALLTURF1)
Description: The server {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA} did not register with DCOM within the required timeout.

Error: (09/08/2016 12:56:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 07:16:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2016 10:59:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2016 07:51:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2016 12:10:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/05/2016 09:53:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
Percentage of memory in use: 48%
Total physical RAM: 8076.73 MB
Available physical RAM: 4143.36 MB
Total Virtual: 9356.73 MB
Available Virtual: 4604.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:368.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Addition.txt

FRST.txt


  • 2 weeks later...
  • Staff

Hello HazelFrith,

That is a legitimate detection by Malwarebytes and Malwarebytes is not the only program that finds it to be Riskware:

http://www.herdprotect.com/kmsauto-net.exe-10d2ce1d3be8dd49052295057e0231be6a47fa79.aspx

Do you realize that it is pirated software? Please read our forum policy regarding Pirated software:

 

 

Edited by Ried

On 08/09/2016 at 10:19 PM, Ried said:
20 hours ago, Ried said:

Hello HazelFrith,

That is a legitimate detection by Malwarebytes and Malwarebytes is not the only program that finds it to be Riskware:

http://www.herdprotect.com/kmsauto-net.exe-10d2ce1d3be8dd49052295057e0231be6a47fa79.aspx

Do you realize that it is pirated software? Please read our forum policy regarding Pirated software:

 

 

Hi Ried.

What is KMSauto-net.exe? The link you gave me doesn't explain what it is. I do not know how Kmsauto-net.exe came onto my business PC. What software has been detected as pirated? I had assumed the infection occurred somehow by email, as I have been getting a lot of unusual emails to my business email address recently, and a high volume of nonsense emails. In the last 2 weeks, I have been getting notifications---from Windows 10, my anti-virus software (Bullguard) and my MS office software---all reporting that I need to activate them. These requests are wrong because all my office software was legitimately installed with purchased licence keys by my IT contractor; furthermore, my Windows 10 installation is a free upgrade from my old Windows 7 enterprise. This PC is my business PC and I have a contract network administrator who has installed all the office software on this machine, so all of that should be legitimate. I'm still waiting for him to return from his vacation so he can help me fix this, which is why I've been seeking help in the meantime. The only other people who have access to this machine are my husband and occasionally my two children. If they have put something on it, I would like to know exactly what it is.

Kind regards,

Hazel

I'm unaware of what that software is. This is my business PC all my 


  • Staff

Hello Hazel,

I cannot link you to a specific site that has it because all the sites are risky. Just read the hits on this Google Search https://www.google.com/#q=kmsauto

You would have to ask whoever did the install of Windows and/or MS Office 2016 how this got onto the machine. Generally speaking, KMSAuto is a way to 'forge' a license for Windows or MS Office.

 


  • gonzo locked this topic
This topic is now closed to further replies.