I think I have Ransom Ware...please help!

lwayne14 · September 25, 2016

I think my wife's computer has Ransom Ware on it... how do we troubleshoot, and if necessary remove the virus?

Thank you for your help!

Aura · September 25, 2016

Hi lwayne

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;

This being said, it's time to clean-up some malware, so let's get started, shall we?

In order to get started, I'll need you to provide me a set of FRST logs. It'll allow me to see if you are infected with a Ransomware and if so, which one (if I can get enough information out of the logs). Follow the instructions in the thread below, and post back with the content of the FRST.txt and Addition.txt logs.

https://forums.malwarebytes.org/topic/9573-im-infected-what-do-i-do-now/

lwayne14 · September 25, 2016

Yoan -

Thank you so much for your help...here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by Kristina (administrator) on KRISTINA-T420 (25-09-2016 11:10:53)
Running from C:\Users\Kristina\Desktop
Loaded Profiles: Kristina (Available Profiles: Kristina)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.82_none_5be7b69702339d1d\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\launcher.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.101\SZBrowser_autoupdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-22] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33822998-1efa-40f7-9663-5deb2279be4c}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{33822998-1efa-40f7-9663-5deb2279be4c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{58548d9a-f585-45b7-a056-e2e8b885369a}: [NameServer] 212.247.156.66 212.247.156.70
Tcpip\..\Interfaces\{6c3d430a-bd8f-4faa-9648-adfe3ad99e78}: [DhcpNameServer] 96.24.14.12 75.94.255.12
Tcpip\..\Interfaces\{f2bd3f19-7256-40b7-b314-526868c45747}: [NameServer] 212.247.156.66 212.247.156.70

Internet Explorer:
==================
HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS461
SearchScopes: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS461
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-22] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-22] (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-01] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SYSTEM32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\a84o85uu.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 -> C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll [2009-02-24] (Skyhook Wireless)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3252455347-703174392-3648365992-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3252455347-703174392-3648365992-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3252455347-703174392-3648365992-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-22]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default [2016-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-24]
CHR HKU\S-1-5-21-3252455347-703174392-3648365992-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kristina\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-20]
CHR HKU\S-1-5-21-3252455347-703174392-3648365992-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-22] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S4 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S4 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-16] (SurfRight B.V.)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S4 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S4 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
S4 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
S4 Tele2 Mobile Partner. RunOuc; C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe [218624 2015-02-02] () [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-16] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-08-07] (Synaptics Incorporated)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 11:10 - 2016-09-25 11:10 - 00022943 _____ C:\Users\Kristina\Desktop\FRST.txt
2016-09-25 11:10 - 2016-09-25 11:10 - 00000000 ____D C:\FRST
2016-09-25 11:10 - 2016-09-25 11:07 - 02403328 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe
2016-09-24 18:36 - 2016-09-24 19:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-09-23 09:01 - 2016-09-23 09:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-23 08:58 - 2016-09-24 17:46 - 00000000 ____D C:\Users\Kristina\AppData\Local\ConnectedDevicesPlatform
2016-09-23 08:58 - 2016-09-23 08:58 - 00000020 ___SH C:\Users\Kristina\ntuser.ini
2016-09-23 07:23 - 2016-09-23 05:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-23 07:18 - 2016-09-23 04:35 - 00000000 ____D C:\Windows.old
2016-09-23 07:17 - 2016-09-23 07:17 - 00000000 ____D C:\Program Files\CMAK
2016-09-23 07:17 - 2016-09-23 07:17 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-09-23 07:16 - 2016-09-23 07:16 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-23 07:16 - 2016-09-23 07:16 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-23 07:16 - 2016-09-23 07:16 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-23 07:16 - 2016-09-23 07:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-23 07:16 - 2016-09-23 07:16 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-23 07:16 - 2016-09-23 07:16 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-23 07:16 - 2016-09-23 07:16 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-23 07:16 - 2016-09-23 07:16 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-09-23 07:16 - 2016-09-23 07:16 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-23 07:16 - 2016-09-23 07:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-09-23 07:16 - 2016-09-23 07:16 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-09-23 07:16 - 2016-09-23 07:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-09-23 07:16 - 2016-09-23 07:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-23 07:15 - 2016-09-23 07:15 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-23 07:15 - 2016-09-23 07:15 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-23 07:15 - 2016-09-23 07:15 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-23 07:15 - 2016-09-23 07:15 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-23 07:15 - 2016-09-23 07:15 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-23 07:15 - 2016-09-23 07:15 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-09-23 07:15 - 2016-09-23 07:15 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-23 07:15 - 2016-09-23 07:15 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-23 07:15 - 2016-09-23 07:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-23 07:15 - 2016-09-23 07:15 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-23 07:15 - 2016-09-23 07:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-09-23 07:15 - 2016-09-23 07:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-09-23 07:10 - 2016-07-15 22:29 - 06225408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0027.dll
2016-09-23 07:10 - 2016-07-15 22:26 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0027.dll
2016-09-23 07:10 - 2016-07-15 22:25 - 01915392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll
2016-09-23 07:10 - 2016-07-15 21:45 - 06225408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0027.dll
2016-09-23 07:10 - 2016-07-15 21:42 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0027.dll
2016-09-23 07:10 - 2016-07-15 21:39 - 01868800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS2.dll
2016-09-23 07:09 - 2016-09-23 07:09 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-23 07:07 - 2016-09-23 07:07 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-09-23 05:07 - 2016-09-23 05:07 - 00000000 ____D C:\ProgramData\USOShared
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-23 05:05 - 2016-09-23 05:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-23 05:02 - 2016-09-23 05:04 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2016-09-23 05:02 - 2016-09-23 05:04 - 00011433 _____ C:\WINDOWS\diagerr.xml
2016-09-23 04:55 - 2016-09-25 11:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-23 04:55 - 2016-09-23 04:55 - 00003534 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd
2016-09-23 04:55 - 2016-09-23 04:55 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-23 04:55 - 2016-09-23 04:55 - 00003434 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf
2016-09-23 04:55 - 2016-09-23 04:55 - 00003358 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1459357021
2016-09-23 04:55 - 2016-09-23 04:55 - 00003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A1CAD8F-6407-4F4C-A32D-30A2AB5907E6}
2016-09-23 04:55 - 2016-09-23 04:55 - 00003262 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a
2016-09-23 04:55 - 2016-09-23 04:55 - 00003206 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875
2016-09-23 04:55 - 2016-09-23 04:55 - 00003160 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-09-23 04:55 - 2016-09-23 04:55 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-23 04:55 - 2016-09-23 04:55 - 00002774 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Kristina-T420-Kristina
2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-09-23 04:55 - 2016-09-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-09-23 04:55 - 2016-05-16 00:15 - 00004006 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA
2016-09-23 04:55 - 2016-05-16 00:15 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-23 04:55 - 2016-05-16 00:15 - 00003610 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d043c6c7a6c30c
2016-09-23 04:55 - 2016-05-16 00:15 - 00002988 _____ C:\WINDOWS\System32\Tasks\DiskUpdate
2016-09-23 04:55 - 2016-05-16 00:14 - 00004358 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-09-23 04:55 - 2016-05-16 00:14 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d043c6b825e05e
2016-09-23 04:55 - 2016-05-16 00:14 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-23 04:55 - 2016-05-16 00:14 - 00003618 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-09-23 04:55 - 2016-05-16 00:14 - 00003610 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core
2016-09-23 04:55 - 2016-05-16 00:14 - 00003558 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncher
2016-09-23 04:55 - 2016-05-16 00:14 - 00003546 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-09-23 04:55 - 2016-05-16 00:14 - 00003486 _____ C:\WINDOWS\System32\Tasks\MCP
2016-09-23 04:55 - 2016-05-16 00:14 - 00003362 _____ C:\WINDOWS\System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3}
2016-09-23 04:55 - 2016-05-16 00:14 - 00003278 _____ C:\WINDOWS\System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7}
2016-09-23 04:55 - 2016-05-16 00:14 - 00003192 _____ C:\WINDOWS\System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3}
2016-09-23 04:55 - 2016-05-16 00:14 - 00003110 _____ C:\WINDOWS\System32\Tasks\PMTask
2016-09-23 04:55 - 2016-05-16 00:14 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-09-23 04:43 - 2016-09-23 04:43 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-09-23 04:43 - 2016-09-23 04:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-09-23 04:35 - 2016-09-23 04:35 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-09-23 04:34 - 2016-09-23 04:46 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-23 04:32 - 2016-09-24 18:25 - 00000000 ____D C:\Users\Kristina
2016-09-23 04:32 - 2016-09-23 04:51 - 00000000 ____D C:\Users\DefaultAppPool
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\My Documents
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\Documents\My Videos
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\Documents\My Pictures
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\Kristina\Documents\My Music
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-09-23 04:32 - 2016-09-23 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-09-23 04:27 - 2016-09-23 04:35 - 00000000 ____D C:\Program Files\CONEXANT
2016-09-23 04:27 - 2016-09-23 04:27 - 00000410 _____ C:\WINDOWS\BRWMARK.INI
2016-09-23 04:27 - 2016-09-23 04:27 - 00000034 _____ C:\WINDOWS\SysWOW64\BD8060.DAT
2016-09-23 04:27 - 2016-09-23 04:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-09-23 04:27 - 2016-07-16 06:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-23 04:26 - 2016-09-23 04:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-09-23 04:26 - 2016-09-23 04:26 - 00000000 ____D C:\Program Files\Synaptics
2016-09-23 04:25 - 2016-09-24 18:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-23 04:25 - 2016-09-23 04:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-23 04:24 - 2016-09-24 17:39 - 00398480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-21 12:53 - 2016-09-21 12:53 - 02878185 _____ C:\Users\Kristina\Downloads\Prenup2008.pdf
2016-09-15 16:56 - 2016-09-15 16:56 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (5).xls
2016-09-15 16:41 - 2016-09-15 16:41 - 00010240 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (4).xls
2016-09-15 16:19 - 2016-09-15 16:19 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (3).xls
2016-09-15 16:15 - 2016-09-15 16:15 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (2).xls
2016-09-15 16:09 - 2016-09-15 16:09 - 00010240 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT (1).xls
2016-09-15 15:57 - 2016-09-15 15:58 - 00011264 _____ C:\Users\Kristina\Downloads\ATTORNEY_PAYMENT_REPORT.xls
2016-09-14 15:13 - 2016-09-14 15:13 - 03393566 _____ C:\Users\Kristina\Downloads\NOM Motion to Modify judgment.pdf
2016-09-14 15:12 - 2016-09-14 15:13 - 03800786 _____ C:\Users\Kristina\Downloads\Motion to Modify Judgment signed.pdf
2016-09-09 12:22 - 2016-09-09 12:22 - 00406423 _____ C:\Users\Kristina\Downloads\compliance_certificate.pdf
2016-09-09 11:06 - 2016-09-09 11:06 - 00383367 _____ C:\Users\Kristina\Downloads\retrievedocument.pdf
2016-09-02 15:27 - 2016-09-02 15:27 - 00012764 _____ C:\Users\Kristina\Downloads\165.pdf
2016-09-02 15:24 - 2016-09-02 15:24 - 00014561 _____ C:\Users\Kristina\Downloads\166.pdf
2016-09-02 15:19 - 2016-09-02 15:19 - 00020757 _____ C:\Users\Kristina\Downloads\169.pdf
2016-09-02 15:19 - 2016-09-02 15:19 - 00020757 _____ C:\Users\Kristina\Downloads\169 (1).pdf
2016-09-02 15:18 - 2016-09-02 15:18 - 00048513 _____ C:\Users\Kristina\Downloads\168.pdf
2016-09-02 15:17 - 2016-09-02 15:17 - 00036145 _____ C:\Users\Kristina\Downloads\21F.pdf
2016-09-02 15:16 - 2016-09-02 15:16 - 00079526 _____ C:\Users\Kristina\Downloads\45B.pdf
2016-09-01 14:34 - 2016-09-01 14:34 - 04215871 _____ C:\Users\Kristina\Downloads\Petition for Dissolution of Marriage signed (1).pdf
2016-08-31 18:26 - 2016-08-31 18:26 - 00012635 _____ C:\Users\Kristina\Documents\EXHIBIT B for Prenuptial agreement Revised.pdf
2016-08-31 17:43 - 2016-08-31 17:43 - 03898009 _____ C:\Users\Kristina\Downloads\Petition for Temp Maintenance signed.pdf
2016-08-31 17:43 - 2016-08-31 17:43 - 03898009 _____ C:\Users\Kristina\Downloads\Petition for Temp Maintenance signed (1).pdf
2016-08-31 17:41 - 2016-08-31 17:43 - 03393182 _____ C:\Users\Kristina\Downloads\Re-NOM Pet for Temp Maintenance.pdf
2016-08-31 17:41 - 2016-08-31 17:41 - 03393182 _____ C:\Users\Kristina\Downloads\Re-NOM Pet for Temp Maintenance (1).pdf
2016-08-31 10:57 - 2016-08-31 10:57 - 02428482 _____ C:\Users\Kristina\Downloads\Summons.pdf
2016-08-31 10:54 - 2016-08-31 10:55 - 04218477 _____ C:\Users\Kristina\Downloads\Petition for Allocation of Parental Responsibilities signed.pdf
2016-08-31 10:48 - 2016-08-31 10:48 - 00022921 _____ C:\Users\Kristina\Downloads\REGULAR COPY DOC.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 11:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-24 20:03 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-09-24 19:24 - 2016-07-29 18:52 - 00961290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-24 19:22 - 2012-12-14 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-24 18:56 - 2014-12-06 11:57 - 00000000 ____D C:\ProgramData\APN
2016-09-24 18:38 - 2014-06-23 12:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-24 18:31 - 2014-11-16 21:15 - 00000000 ____D C:\WINDOWS\CryptoGuard
2016-09-24 18:22 - 2014-12-04 21:48 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-24 18:22 - 2014-11-06 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-24 18:22 - 2014-06-23 12:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-24 17:57 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-24 17:35 - 2011-12-09 22:55 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Skype
2016-09-24 17:34 - 2011-12-22 17:54 - 00000000 ____D C:\Users\Kristina\Documents\Outlook Files
2016-09-24 07:35 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-24 04:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-23 13:39 - 2011-12-09 22:55 - 00000000 ____D C:\ProgramData\Skype
2016-09-23 11:12 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-23 11:00 - 2010-11-20 22:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-09-23 09:30 - 2011-12-27 19:04 - 00000000 ____D C:\Users\Kristina\Documents\A SOLO PRACTICE
2016-09-23 09:20 - 2016-07-30 22:37 - 00000000 ____D C:\Users\Kristina\AppData\Local\Packages
2016-09-23 09:11 - 2016-07-30 22:45 - 00002427 _____ C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-23 09:11 - 2016-07-30 22:45 - 00000000 ___RD C:\Users\Kristina\OneDrive
2016-09-23 08:59 - 2016-04-27 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-23 08:59 - 2011-12-09 21:07 - 00000000 ___RD C:\Users\Kristina\Virtual Machines
2016-09-23 07:23 - 2016-07-16 06:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-23 07:17 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-23 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-23 07:17 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-09-23 07:17 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-23 05:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-23 05:06 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-23 05:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-23 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-23 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-23 05:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-23 04:55 - 2016-07-29 19:14 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-23 04:55 - 2016-07-29 16:16 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd.job
2016-09-23 04:55 - 2016-07-29 16:16 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a.job
2016-09-23 04:54 - 2016-07-16 06:47 - 00000000 __RSD C:\WINDOWS\Media
2016-09-23 04:54 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-23 04:46 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-23 04:46 - 2016-05-30 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-23 04:46 - 2016-05-30 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-09-23 04:46 - 2016-04-27 01:21 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-23 04:46 - 2015-02-02 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tele2 Mobile Partner
2016-09-23 04:46 - 2014-12-06 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-23 04:46 - 2014-11-16 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2016-09-23 04:46 - 2014-11-16 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2016-09-23 04:46 - 2014-11-16 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-09-23 04:46 - 2013-09-20 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-09-23 04:46 - 2013-09-04 16:22 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-23 04:46 - 2013-09-04 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-23 04:46 - 2013-05-25 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-09-23 04:46 - 2012-06-27 16:42 - 00000000 ____D C:\WINDOWS\en
2016-09-23 04:46 - 2012-05-20 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-23 04:46 - 2011-12-22 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X3
2016-09-23 04:46 - 2011-12-22 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-09-23 04:46 - 2011-12-15 09:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-23 04:46 - 2011-12-12 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2016-09-23 04:46 - 2011-12-11 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-09-23 04:46 - 2011-12-11 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-23 04:46 - 2011-12-05 16:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-09-23 04:46 - 2011-12-05 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition
2016-09-23 04:46 - 2011-12-05 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
2016-09-23 04:46 - 2011-12-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Wireless Display
2016-09-23 04:46 - 2011-12-05 16:00 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-09-23 04:46 - 2011-12-05 15:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-23 04:46 - 2011-12-05 15:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2016-09-23 04:43 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-23 04:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
2016-09-23 04:37 - 2016-07-29 21:24 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-09-23 04:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-09-23 04:37 - 2012-03-15 16:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-09-23 04:37 - 2012-02-16 04:01 - 00000000 __SHD C:\WINDOWS\SysWOW64\%APPDATA%
2016-09-23 04:37 - 2011-12-09 20:36 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-09-23 04:36 - 2016-07-29 21:24 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\schemas
2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-09-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-23 04:36 - 2012-01-10 23:56 - 00000000 __SHD C:\WINDOWS\system32\%APPDATA%
2016-09-23 04:36 - 2011-12-11 18:23 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-09-23 04:35 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-23 04:35 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files\MSBuild
2016-09-23 04:35 - 2016-07-29 21:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-23 04:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-23 04:35 - 2015-12-26 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-23 04:35 - 2013-07-28 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-09-23 04:35 - 2013-02-02 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2016-09-23 04:35 - 2011-12-27 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-09-23 04:35 - 2011-12-22 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clearwire
2016-09-23 04:35 - 2011-12-05 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-09-23 04:35 - 2011-12-05 15:59 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-09-23 04:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-09-23 04:31 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-23 04:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-23 04:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-23 04:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-23 03:33 - 2016-07-16 10:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-23 03:17 - 2016-07-29 16:12 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf.job
2016-09-22 16:17 - 2016-07-29 16:12 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875.job
2016-09-17 18:37 - 2011-12-27 19:17 - 00000000 ____D C:\Users\Kristina\Documents\Lisle's docs
2016-09-15 15:19 - 2012-05-20 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-15 15:19 - 2012-05-20 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-15 15:14 - 2013-07-18 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-15 15:08 - 2011-12-22 16:56 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-14 13:49 - 2011-12-27 19:18 - 00000000 ____D C:\Users\Kristina\Documents\MAMI
2016-09-07 11:32 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 11:32 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-06 08:41 - 2011-12-27 19:04 - 00000000 ____D C:\Users\Kristina\Documents\PASSWORDS
2016-08-29 16:52 - 2012-02-04 12:24 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2013-07-19 15:16 - 2013-07-19 15:16 - 0004096 ____H () C:\Users\Kristina\AppData\Local\keyfile3.drm
1601-03-12 08:17 - 1601-03-12 08:17 - 0014193 _____ () C:\ProgramData\394F0EC6F0AA.html
2012-04-03 19:56 - 2012-04-03 19:56 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Kristina\AppData\Local\Temp\dbfhide.exe
C:\Users\Kristina\AppData\Local\Temp\dblgen10.dll
C:\Users\Kristina\AppData\Local\Temp\dblib10.dll
C:\Users\Kristina\AppData\Local\Temp\dbtool10.dll
C:\Users\Kristina\AppData\Local\Temp\FsdRegistration.dll
C:\Users\Kristina\AppData\Local\Temp\GDSBLMgr.dll
C:\Users\Kristina\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Kristina\AppData\Local\Temp\msvcp80.dll
C:\Users\Kristina\AppData\Local\Temp\msvcr80.dll
C:\Users\Kristina\AppData\Local\Temp\QBFirwal.dll
C:\Users\Kristina\AppData\Local\Temp\qbinstal.dll
C:\Users\Kristina\AppData\Local\Temp\QBNGEN.dll
C:\Users\Kristina\AppData\Local\Temp\SMUnInstaller.dll
C:\Users\Kristina\AppData\Local\Temp\stlport_r50.dll
C:\Users\Kristina\AppData\Local\Temp\StopQBServer.dll
C:\Users\Kristina\AppData\Local\Temp\UtilDBSetup.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-23 04:24

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Kristina (25-09-2016 11:13:16)
Running from C:\Users\Kristina\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-23 10:05:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3252455347-703174392-3648365992-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3252455347-703174392-3648365992-503 - Limited - Disabled)
Guest (S-1-5-21-3252455347-703174392-3648365992-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3252455347-703174392-3648365992-1045 - Limited - Enabled)
Kristina (S-1-5-21-3252455347-703174392-3648365992-1001 - Administrator - Enabled) => C:\Users\Kristina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-8060 (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CLEAR Connection Manager (HKLM\...\{077AA014-B568-4FF8-B360-9ACE1A1F4571}) (Version: 1.05.0035.0 - Clearwire)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.890 - Corel Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.20.0001 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Loki ActiveX Control (HKLM-x32\...\Loki ActiveX Control) (Version: 3.1.0.05 - SkyhookWireless)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
Tele2 Mobile Partner (HKLM-x32\...\Tele2 Mobile Partner) (Version: 21.005.11.03.56 - Huawei Technologies Co.,Ltd)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.08 - Lenovo)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Ricoh Company SD Host Controller (03/23/2011 6.10.10.30) (HKLM\...\4534F449D55EE49DEE206B3D9A3B1811E1A495EA) (Version: 03/23/2011 6.10.10.30 - Ricoh Company)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WordPerfect Office X3 (HKLM-x32\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {1B17C89B-680B-452F-91C4-0CADDBCBB380} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {20F5BDAB-542B-421F-986F-5F928B467A92} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9} - System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsProgressBar
Task: {2679B763-4C6C-4935-AFB8-9C880D0790C5} - System32\Tasks\SafeZone scheduled Autoupdate 1459357021 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {26E818E4-2A42-437A-A76F-D33D836B1588} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {283809BF-2B4A-4793-9F94-25CD918A844A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {29F28F1E-D1F3-428D-BEAD-9F7A5536E253} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {31D1F3DF-7250-44C5-B80A-4417DC1FA2C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {49177DEE-4498-4826-9ABD-8BF428E85522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {50D24C46-0FB6-4982-88CE-9C6A64BCF01E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5241ED6F-A8F7-4ABB-A982-357C6FDA162C} - System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} => pcalua.exe -a C:\Users\Kristina\Desktop\mflpro\Data\Disk1\setup.exe -d C:\Users\Kristina\Desktop\mflpro\Data\Disk1
Task: {52F31410-8CD0-43DB-916A-2869FC1DC434} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5586AD4B-9CAD-404D-8D94-2009439E5B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {5A374ABB-EFB6-4008-95A0-A80119052135} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {60B05D9F-4CB0-4BCC-84A4-25123956A84C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {624DAE63-EB7D-404B-9EB5-F31738568CB3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {698CAB32-992C-4E9B-BF71-03266DA390BE} - System32\Tasks\GoogleUpdateTaskMachineCore1d043c6b825e05e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6AF622B7-24CF-472A-A465-E05F6E2FCCC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {70CF4A51-46A8-4EA1-845F-C4895E86F3FA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {7373EA82-D937-4FC0-801D-AE566114B065} - System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} => pcalua.exe -a E:\DCP-8060\Data\Disk1\setup.exe -d E:\DCP-8060\Data\Disk1
Task: {81A678C4-AC1B-4FCB-A875-0908BB3BE611} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {83759810-2C14-48BB-8EB5-93A9BD9D1D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {848D18BF-5DD0-417B-B73D-A002E745686C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8B93F8DA-092E-4145-B826-85FB71A14FA3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {959C9C84-4D61-4395-B104-70A543DF90C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {990E91B8-1AC2-4878-8D6A-9C8CC45611A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {999CA0A6-E193-4623-A286-929739F3EA00} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-10-04] (Lenovo Group Limited)
Task: {9D54BA26-46B1-4F3B-A6D8-195AE539AC5D} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A04B3C43-AC19-47D6-BC16-40B0E45AD54E} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B1AB13C3-8E5F-4C10-96B6-1923CF3A7177} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B4F753FA-6029-42EF-AFAD-61CDD35CC1B5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {B5A81A6F-8D53-4E41-BB44-E27338F065D2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {BA5B7B15-6280-463B-BEB5-4628F7135248} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C5922ACE-E33A-4577-ABF5-91B3A8F69D73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-22] (AVAST Software)
Task: {C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C98147E0-759C-47A3-8D98-0508362DCC03} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF92BB5E-1E72-437B-8528-16ABAF4F2FBA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d043c6c7a6c30c => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D18FEA03-171D-48E3-BE80-632D5CCCB21B} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {D24D30C0-8893-47FE-A6CA-BF8C50A3106D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DE58F16A-1B6E-422C-A654-FC9C5220C863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E9FCEC84-FEB4-4C2E-99E3-55A463C899F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F1225876-BD16-424B-936F-AFC18D8810DD} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {F175926B-D01D-4AF8-B6BD-9D2480F43387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F3C28C7D-E871-4945-87EF-2033AF845CF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F4D368A6-7134-4FE2-B4CF-8A336F5657E8} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2011-09-08] (Lenovo Group Limited)
Task: {FF53F7FC-1BE2-47FA-AB06-E2017EBE5349} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {FFD98EE4-11A9-4092-BACB-5A9520286FF0} - System32\Tasks\AdobeAAMUpdater-1.0-Kristina-T420-Kristina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043c6b825e05e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e9ddf8b95875.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e9ddf99919cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d043c6c7a6c30c.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001Core1d1e9de7810862a.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3252455347-703174392-3648365992-1001UA1d1e9de78b987dd.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 09:10 - 2016-09-23 09:10 - 01864384 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-23 07:15 - 2016-09-23 07:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 03378528 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-09-23 07:16 - 2016-09-23 07:16 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-04-27 01:24 - 2016-04-27 01:24 - 03342848 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\CallsCore.dll
2016-04-27 01:24 - 2016-04-27 01:24 - 00366592 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\CallsPresenters.dll
2016-08-26 10:22 - 2016-08-26 10:22 - 01413120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1608.2312.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2016-09-23 09:39 - 2016-09-23 09:39 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-09-23 09:39 - 2016-09-23 09:39 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-09-22 13:41 - 2016-09-22 13:42 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11608.1001.49.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-05-22 18:23 - 2016-05-22 18:23 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-22 18:23 - 2016-05-22 18:23 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-24 17:34 - 2016-09-24 17:34 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092401\algo.dll
2016-09-25 11:06 - 2016-09-25 11:06 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092500\algo.dll
2016-05-22 18:23 - 2016-05-22 18:23 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-22 18:23 - 2016-05-22 18:23 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-23 09:03 - 2016-09-23 09:03 - 01383616 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-23 09:08 - 2016-09-23 09:08 - 00118976 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-03-28 10:37 - 2016-03-28 10:37 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3252455347-703174392-3648365992-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-06 22:16 - 00450770 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15460 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Landscapes\img33a.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AcPrfMgrSvc => 2
MSCONFIG\Services: AcSvc => 2
MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CACLEARWIRE => 3
MSCONFIG\Services: CLEARWIRERcAppSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DozeSvc => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hmpalertsvc => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: HyperW7Svc => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LENOVO.CAMMUTE => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SMSI Device Launch Service => 2
MSCONFIG\Services: SROSVC => 2
MSCONFIG\Services: Tele2 Mobile Partner. RunOuc => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VIPAppService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Clearwire Connection Manager => "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HW_OPENEYE_OUC_Tele2 Mobile Partner => "C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1B5D37C1-6203-47AE-8662-AB9DB9FEB300}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{31A0CE8F-3885-435B-9B00-8DDEF7E7C50A}] => (Allow) LPort=2869
FirewallRules: [{9B7CEE8A-656D-495F-8C22-D626F8278744}] => (Allow) LPort=1900
FirewallRules: [{E48179FA-7D5A-48B2-AD6B-928916D72CD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B078358F-B640-46BC-9884-FF16900760A8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0873A673-51CB-44DD-A060-32F0C9110FBC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{67667AE6-821A-4890-9AD2-4D2A1CE9FB0A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{8B8AC8E7-6754-4F82-A32D-B404A24660AD}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{0F315D02-9776-47E3-B3EA-A0D36B71F780}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C0059AF-6B88-42F9-B31F-3A566DAA5FD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBBEAAD1-7778-4675-B6AD-3CC2D35B1386}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF2F35CC-5175-4A76-B452-5BC280235265}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94F710B8-0C93-43E3-A4CF-7E890BED632B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF8F82B4-FCF6-4719-9D3D-03408F5660E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1188DC74-0BFE-4C59-B74B-0F36D443FE41}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

23-09-2016 11:09:25 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2016 07:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420)
Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXxat4m5y1bf9ghax409y1vwyatpqea4s8.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2016 07:21:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2016 07:21:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420)
Description: Activation of app Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2016 07:09:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420)
Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXre20k58eaa822f0smszc2fbv5y0azn7k.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2016 07:09:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420)
Description: Activation of app Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe:App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2016 06:36:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kristina-T420)
Description: Activation of app Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/23/2016 01:37:56 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

Error: (09/23/2016 01:08:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2009":
QuickBooks has experienced a problem and must be shut down.

Error: (09/23/2016 01:07:56 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2009":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1003 from function:'DBMgr::DBConnPool::init'

Error: (09/23/2016 01:07:56 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2009":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Law Offices of Kristina J. Wayne 12_27_2011.QBW;ENG=QB_data_engine_19;DBN=b7322c75f5b44af584e4eeba3444b541

System errors:
=============
Error: (09/25/2016 11:10:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/25/2016 11:10:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (09/25/2016 11:09:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/25/2016 11:09:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (09/25/2016 11:09:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/25/2016 11:09:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the sppsvc service to connect.

Error: (09/25/2016 11:05:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/25/2016 11:04:54 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL ACGina failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (09/24/2016 08:03:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

CodeIntegrity:
===================================
Date: 2016-09-25 11:14:45.026
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:12:52.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:12:14.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:10:37.369
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:10:36.207
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:10:36.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:10:36.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 11:07:32.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

Date: 2016-09-24 18:23:27.786
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

Date: 2016-09-24 17:51:09.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.23 MB
Available physical RAM: 2288.03 MB
Total Virtual: 8075.23 MB
Available Virtual: 6331.99 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:447.88 GB) (Free:277.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 53CCBDC7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=808 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Aura · September 26, 2016

I don't see any traces of Ransomware in your logs, though they are 3 files I would like to check myself, so we'll collect them with FRST and clean a few useless entries while we're at it. Once you're done running the fix, a file called Upload.zip will also appear on your desktop. Please upload it to the link below.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
Click on the Fix button;
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
Copy and paste its content in your next reply;

This being said, can you tell me why you think you're infected with a Ransomware?

Your next reply(ies) should include:

Copy/pasted content of the FRST fixlog.txt;
Confirmation that you uploaded the Upload.zip archive to the link posted above;
Answer to my question about the ransomware;

fixlist.txt

lwayne14 · September 26, 2016

Aura -

Thank you again for your help!

1. I attempted to run your fixlist, but it puked on the zip command. I believe it was because the third file doesn't exist (C:\ProgramData\KGyGaAvL.sys). I searched for the file with File Manager and found nothing. SO, I commented out the zip command and re-ran the fixlist. Below you will see the fixlog contents.

2. After the fixlist ran, I manually zipped up the files you had in your zip command and added two additional files that were part of the reason why I believe ransomware is involved. You will see the file names are similar - I found copies of the two files on my wife's desktop. The Upload.zip file has been been uploaded to bleepingcomputer.

3. Two reasons I believe ransomware is involved. 1) The presence of the files in the Upload.zip archive. 2) My wife uses Quickbooks and apparently was asked recently to authorize an "update" that would "alter files" on her computer. She clicked "ok" and now she can't open Quickbooks. It just shows a generic Windows window with the message "Preparing to install".

Please let me know what you think! Thanks so much for taking the time to help us...

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Kristina (25-09-2016 23:28:45) Run:2
Running from C:\Users\Kristina\Desktop
Loaded Profiles: Kristina (Available Profiles: Kristina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

** Zip: C:\ProgramData\394F0EC6F0AA.html;C:\Users\Kristina\AppData\Local\keyfile3.drm;C:\ProgramData\KGyGaAvL.sys

HKLM-x32\...\Run: [] => [X]

Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3252455347-703174392-3648365992-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

Task: {1B17C89B-680B-452F-91C4-0CADDBCBB380} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9} - System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsProgressBar
Task: {2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {49177DEE-4498-4826-9ABD-8BF428E85522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5241ED6F-A8F7-4ABB-A982-357C6FDA162C} - System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} => pcalua.exe -a C:\Users\Kristina\Desktop\mflpro\Data\Disk1\setup.exe -d C:\Users\Kristina\Desktop\mflpro\Data\Disk1
Task: {52F31410-8CD0-43DB-916A-2869FC1DC434} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5586AD4B-9CAD-404D-8D94-2009439E5B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {5A374ABB-EFB6-4008-95A0-A80119052135} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {60B05D9F-4CB0-4BCC-84A4-25123956A84C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {624DAE63-EB7D-404B-9EB5-F31738568CB3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6AF622B7-24CF-472A-A465-E05F6E2FCCC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7373EA82-D937-4FC0-801D-AE566114B065} - System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} => pcalua.exe -a E:\DCP-8060\Data\Disk1\setup.exe -d E:\DCP-8060\Data\Disk1
Task: {83759810-2C14-48BB-8EB5-93A9BD9D1D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {959C9C84-4D61-4395-B104-70A543DF90C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9D54BA26-46B1-4F3B-A6D8-195AE539AC5D} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {BA5B7B15-6280-463B-BEB5-4628F7135248} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D24D30C0-8893-47FE-A6CA-BF8C50A3106D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F175926B-D01D-4AF8-B6BD-9D2480F43387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F3C28C7D-E871-4945-87EF-2033AF845CF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

C:\ProgramData\APN

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
** Zip: C:\ProgramData\394F0EC6F0AA.html;C:\Users\Kristina\AppData\Local\keyfile3.drm;C:\ProgramData\KGyGaAvL.sys => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3252455347-703174392-3648365992-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-3252455347-703174392-3648365992-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B17C89B-680B-452F-91C4-0CADDBCBB380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B17C89B-680B-452F-91C4-0CADDBCBB380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22FF264A-3E6A-4E03-8F49-D6E70B3E1FD9}" => key removed successfully
C:\WINDOWS\System32\Tasks\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{006AD1B6-222C-4CFE-85B2-1E2E8DEF04D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD7AA97-0E4D-4F46-95CB-D8D81A25C15A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49177DEE-4498-4826-9ABD-8BF428E85522}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49177DEE-4498-4826-9ABD-8BF428E85522}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5241ED6F-A8F7-4ABB-A982-357C6FDA162C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5241ED6F-A8F7-4ABB-A982-357C6FDA162C}" => key removed successfully
C:\WINDOWS\System32\Tasks\{4343919E-2492-488C-87C2-DD49906D36F3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4343919E-2492-488C-87C2-DD49906D36F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52F31410-8CD0-43DB-916A-2869FC1DC434}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F31410-8CD0-43DB-916A-2869FC1DC434}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5586AD4B-9CAD-404D-8D94-2009439E5B78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5586AD4B-9CAD-404D-8D94-2009439E5B78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A374ABB-EFB6-4008-95A0-A80119052135}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A374ABB-EFB6-4008-95A0-A80119052135}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60B05D9F-4CB0-4BCC-84A4-25123956A84C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B05D9F-4CB0-4BCC-84A4-25123956A84C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{624DAE63-EB7D-404B-9EB5-F31738568CB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{624DAE63-EB7D-404B-9EB5-F31738568CB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AF622B7-24CF-472A-A465-E05F6E2FCCC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AF622B7-24CF-472A-A465-E05F6E2FCCC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7373EA82-D937-4FC0-801D-AE566114B065}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7373EA82-D937-4FC0-801D-AE566114B065}" => key removed successfully
C:\WINDOWS\System32\Tasks\{FFB0B17E-0DA1-459F-821E-6656577C1FF7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFB0B17E-0DA1-459F-821E-6656577C1FF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83759810-2C14-48BB-8EB5-93A9BD9D1D8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83759810-2C14-48BB-8EB5-93A9BD9D1D8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{959C9C84-4D61-4395-B104-70A543DF90C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{959C9C84-4D61-4395-B104-70A543DF90C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D54BA26-46B1-4F3B-A6D8-195AE539AC5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D54BA26-46B1-4F3B-A6D8-195AE539AC5D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA5B7B15-6280-463B-BEB5-4628F7135248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA5B7B15-6280-463B-BEB5-4628F7135248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7CD42A8-1F6B-4865-AF86-CBFA8DF756D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D24D30C0-8893-47FE-A6CA-BF8C50A3106D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24D30C0-8893-47FE-A6CA-BF8C50A3106D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F175926B-D01D-4AF8-B6BD-9D2480F43387}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F175926B-D01D-4AF8-B6BD-9D2480F43387}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3C28C7D-E871-4945-87EF-2033AF845CF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3C28C7D-E871-4945-87EF-2033AF845CF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
C:\ProgramData\APN => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39941868 B
Java, Flash, Steam htmlcache => 744 B
Windows/system/drivers => 42097089 B
Edge => 189260190 B
Chrome => 10314368 B
Firefox => 26174256 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 41866 B
NetworkService => 13932 B
Kristina => 69229842 B
DefaultAppPool => 0 B

RecycleBin => 1916651 B
EmptyTemp: => 361.7 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:29:54 ====

Aura · September 26, 2016

So the .html file I wanted you to collect, as well as the 2 ransom notes you provided me belongs to the CryptXXX Ransomware Family. If you were hit with a recent variant of it, there's no way to decrypt the files it encrypted for free, without paying the ransom.

If you take a look at your Quickbooks files, do they have any extension added (.crypt, .crypt1, etc.)?

lwayne14 · September 26, 2016

I searched for *.cr* and only found one file: C:/DelFix.txt.crypt. I looked at the QuickBooks files and did not notice anything unusual...but I have to admit I'm not sure where and what to look for...

You referred to the virus in the past tense...is there no active virus affecting the computer?

Can I get rid of the remnants of the RansomWare virus you described?

What else might be affecting Quickbooks?

Thanks again for your help...

Aura · September 26, 2016

What is the modification date of the C:\DelFix.txt.crypt file?

Where did you look for the QuickBooks file? I know what the program is and does, though I don't know how it works. If it was indeed hit by the Ransomware, I guess that its files in AppData\Local and Roaming where hit (where the databases or else are).

Which remnants are you referring to? The DelFix.txt.crypt file and ransom notes you uploaded in the Upload.zip archive?

lwayne14 · September 26, 2016

1. Modification date on C:/DelFix.txt.crypt is 11/16/2014.

2. I found the Quickbooks database file. It appears to be un-encrypted. We are running an old version of Quickbooks. I will have my wife upgrade to the most recent version and see if we still have problems.

3. Yes, I was referring to those files specifically...

4. So I have no active viruses? What tools should I be using to prevent any future attacks? Thanks!

Aura · September 26, 2016

What about the creation/modification date of the ransom notes you provided me? Are they also around 11/16/2014?

Let me know how it goes. From what you told me, it's as if QuickBooks is trying to install as if it was launched for the first time.

You'll be able to delete them once we're done, yes

And there doesn't seems to be any active threats on your system from what I can see. At least, not a ransomware. Malwarebytes Anti-Ransomware Beta can protect you against Ransomware attacks. Since it's still in beta, there might be a false positive here and there (hence why it's still a beta). I'll have more recommendations to answer your question once we finish here

lwayne14 · September 26, 2016

There are about 100 files with the !Recovery_39... prefix on the computer in various locations. They all have *.bmp, *.html, or *.txt extensions. There are no dates (of any type) associated with those files.

Trying the Quickbooks update now...

Aura · September 26, 2016

Let's look for them using FRST then

Farbar Recovery Scan Tool (FRST) - File Search
Follow the instructions below to download and execute a file search on your system with FRST, and provide the log in your next reply.

Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
In the Search text area, copy and paste the following:
```
!Recovery_*
```
Once done, click on the Search Files button and wait for FRST to finish the search;
On completion, a log will open in Notepad. Copy and paste its content in your next reply;

lwayne14 · September 26, 2016

Here are search results:

Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Kristina (26-09-2016 11:37:34)
Running from C:\Users\Kristina\Desktop
Boot Mode: Normal

================== Search Files: "!Recovery_*" =============

C:\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\Users\Kristina\Desktop\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\Users\Kristina\Desktop\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Recovery_394F0EC6F0AA.bmp
[1899-12-30 00:00][1899-12-30 00:00] 1281654 ___AT () CFE7C7104C7C08B2597A0F4B0491ECE7 [File not signed]

C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!Recovery_394F0EC6F0AA.bmp
[1899-12-30 00:00][1899-12-30 00:00] 1281654 ___AT () 5A1EAE334A018920522A38B4AEBA90C5 [File not signed]

C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0409\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0409\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0407\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0407\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0404\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0404\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_Only\launcher\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_Only\launcher\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_BN\launcher\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_BN\launcher\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\BurnNowSD\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\SWTOOLS\antivirus\NORTONIS\ALL\MODULECUST\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\SWTOOLS\antivirus\NORTONIS\ALL\MODULECUST\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\mfg\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\mfg\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Updates\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Updates\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\resources\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\resources\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsOrganizer\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsOrganizer\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\IUware Online\Adobe Acrobat X\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\IUware Online\Adobe Acrobat X\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

C:\CertificationUtility\!Recovery_394F0EC6F0AA.html
[1601-03-12 08:17][1601-03-12 08:17] 0014193 ____A () BDB4418950DAF1D17712CBBAC64BAB0E [File not signed]

C:\CertificationUtility\!Recovery_394F0EC6F0AA.txt
[1601-01-09 12:44][1601-01-09 12:44] 0001758 ____A () F4EBB210D67E4AE1EBFAA96428D4F433 [File not signed]

====== End of Search ======

Aura · September 26, 2016

There's way less ransom notes than expected, and there modification/creation date has been spoofed as well (obviously they were dropped in 1601). You can use demonslay's RansomNoteCleaner to delete them all.

http://www.bleepingcomputer.com/forums/t/617257/ransomnotecleaner-remove-ransom-notes-left-behind/

Also, can you do another FRST File Search, but this time, enter this in the search box:

*.crypt

lwayne14 · September 26, 2016

Here goes...

Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Kristina (26-09-2016 12:53:38)
Running from C:\Users\Kristina\Desktop
Boot Mode: Normal

================== Search Files: "*.crypt" =============

C:\DelFix.txt.crypt
[2014-11-16 22:08][2014-11-16 22:08] 0000692 ___RA () EBEDEE5C5E677E5762EA3134FF88B2DD [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Burn.Now 4.5.msi.crypt
[2010-09-10 11:18][2010-05-11 08:49] 6112516 ___RA () 574AAAF7F505933C3DEE83BE07EC5D41 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\info.txt.crypt
[2010-09-10 11:18][2009-02-24 13:18] 0000442 ___RA () BE2CA348C565ABF0E9613556D0919B5D [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0409\License.rtf.crypt
[2010-09-10 11:18][2008-11-04 13:08] 0056525 ___RA () F22419C364BC672336D648E372540EBC [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0407\License.rtf.crypt
[2010-09-10 11:18][2008-11-04 13:11] 0070209 ___RA () DD2187DA640BAACE8313385D64EE42C5 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\setupdir\0404\License.rtf.crypt
[2010-09-10 11:18][2008-11-04 13:10] 0130755 ___RA () 7CB3163C5A7C9839D0211764DA7D7FDD [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_Only\launcher\Launcher.xml.crypt
[2010-09-10 11:18][2009-12-29 14:36] 0163170 ___RA () 2DC20829CA457A860D82CE45AB599EA1 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\Setup\LenovoLauncher\DMF_BN\launcher\Launcher.xml.crypt
[2010-09-10 11:18][2009-12-29 14:13] 0163090 ___RA () 276E48F03E15E5B097A965EF5C8A0335 [File not signed]

C:\SWTOOLS\apps\BurnNowSD\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\vcredist.msi.crypt
[2010-09-10 11:18][2007-01-11 15:58] 2635012 ___RA () 731B3E786EAB2598B23EA96D6D805877 [File not signed]

C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\InstallAdbeRdr940.cmd.crypt
[2010-12-05 22:16][2010-12-05 21:49] 0000738 ___RA () 9ED5A83092E8F4E96B0DCB34CAB1BB08 [File not signed]

C:\SWTOOLS\apps\Adobe\AdbeRdr940\US\SetupMUI.cmd.crypt
[2010-12-05 22:16][2010-12-05 21:44] 0000667 ___RA () 0E0019C760A68BDD4300510F1C9FB357 [File not signed]

C:\SWTOOLS\antivirus\NORTONIS\ALL\MODULECUST\SETUP.CMD.crypt
[2011-09-04 20:36][2011-09-04 20:26] 0000379 ___RA () 1527C9F22AFB4C8D432BD14D06B06CAF [File not signed]

C:\mfg\SPEC.pdf.crypt
[2010-02-24 02:03][2009-05-07 12:14] 0101165 ___RA () 5EAEB66C0F7D3670A751E204A080F16E [File not signed]

C:\mfg\W7ADD64EN006.pdf.crypt
[2010-02-24 02:03][2010-02-08 01:00] 0162137 ___RA () A3ADC91F8A0CC870D966AFEEE32901DB [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\README.HTM.crypt
[2011-12-11 20:29][2010-03-26 11:22] 0002201 ___RA () D7C36455F72F77BB67ED2BC8BFE39788 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0002684 ___RA () 173D3EF032087F399567419E1448BE77 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\WordMUI.msi.crypt
[2011-12-11 21:53][2010-03-30 17:47] 2522884 ___RA () D50F1D4CDA2A1EAD03413EE62142C892 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Word.en-us\WordMUI.xml.crypt
[2011-12-11 21:53][2010-03-30 17:47] 0002060 ___RA () 4652CCFC902BFD913EB394DA04CB7B0C [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Updates\README.TXT.crypt
[2011-12-11 20:29][2010-03-25 09:31] 0000335 ___RA () 9B5117D2B09F7396FB00FA4A31CC9B4A [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\PublisherMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 2514180 ___RA () A6444E9549D098186D96BAC6A7139DB2 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\PublisherMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001710 ___RA () 022791794122DED89BE5B795FCD6028B [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Publisher.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001868 ___RA () 7D9A968DA442CFD3EBAC73E492F916FB [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\config.xml.crypt
[2011-12-11 20:29][2010-03-22 14:33] 0001173 ___RA () E8BA82B4B99D6998553C31FB1733C562 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\Office32WW.msi.crypt
[2011-12-11 20:29][2010-03-30 12:10] 1992452 ___RA () 9CBC3214FBFD25A28F3E92DB6DC8D212 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\Office32WW.xml.crypt
[2011-12-11 20:29][2010-03-30 12:13] 0004534 ___RA () 85F0A5FC9DAA3604940377554E4A638C [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\ProPlusWW.msi.crypt
[2011-12-11 20:29][2010-03-30 17:51] 27196164 ___RA () 186B9E5D8E22D3F152632FFF55BB44AE [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\ProPlusWW.xml.crypt
[2011-12-11 20:29][2010-03-30 17:52] 0017110 ___RA () 862FCCC18A81E2E03558F41998187265 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\ProPlus.WW\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:52] 0030656 ___RA () D581B5BD1AE30C3015211E02DC34C25A [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proofing.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0869124 ___RA () 07F815378EB951A89255A5BFDD636FF3 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proofing.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001071 ___RA () F3BEF02A14F6543905817410396BBA99 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0006144 ___RA () B6ED5078D4AB7AF4B15B19681F32F3CA [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\Proof.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0886020 ___RA () D0F91133CADCBA66799DA7FAE01BC71B [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.fr\Proof.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001718 ___RA () D110CAD57C063E0B50BF8111E3B8CFBC [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\Proof.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0881412 ___RA () 4430BA03A9EC4A9E7D85362B232BE96F [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.es\Proof.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001717 ___RA () 6B3E92D24A3FAFC56DF7B8185F909324 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\Proof.msi.crypt
[2011-12-11 20:29][2010-03-30 12:11] 0875780 ___RA () EF085659BAF4A436CE257018D08C7970 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Proofing.en-us\Proof.en\Proof.xml.crypt
[2011-12-11 20:29][2010-03-30 12:14] 0001607 ___RA () 0EE3F66B1BFB51A25854F4C8EB821568 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\PowerPointMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 2503940 ___RA () 395D032F9133AF100A7B602C95CB6569 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\PowerPointMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001710 ___RA () 7A7063E643AFC72C67A776767CA45331 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\PowerPoint.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0002146 ___RA () FBF72CBC0D117945D25E3D270CD9870A [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\OutlookMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 2865924 ___RA () 84C87CFDD3C91580D93CA5301669327C [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\OutlookMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0003446 ___RA () DEFAF0D934BEE0F2C389D0D89E5C7963 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Outlook.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0004467 ___RA () F3ABDAB929C5DDE607B6751304AAABE9 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\OneNoteMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 2503940 ___RA () CCE34A9A5116671CFA643E71A498A555 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\OneNoteMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001866 ___RA () 5B9E6A1936CBACC7524D3378251CCC8D [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\OneNote.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0002248 ___RA () 8DDB7725FCEFAC0FE9C87FBD18258FB4 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\Office32MUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0874244 ___RA () A1CF097664F3C53F0572344A488BCA50 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\Office32MUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001643 ___RA () 9E2401634B50A427AAC7E72316C93C30 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office32.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0002622 ___RA () 96853D81F947804AFC229E4E2A84807E [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\branding.xml.crypt
[2011-12-11 20:29][2010-03-27 17:14] 0596601 ___RA () CCD13EC2FF7BF72E83676D8DCE9A80C8 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 3702532 ___RA () 43FAB50EEEEA7E102BF12248082BFEAA [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0005817 ___RA () 25511E26A606356B7EAD6C09BAB00325 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUISet.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0869124 ___RA () C534D3412C201933E1FF8A821B17AB45 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\OfficeMUISet.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001079 ___RA () 8F976AB82AEA6277A6742FBFD9B0FF18 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Office.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0009612 ___RA () 0DDB99E794B411CDF7D9F13F2F8DEADE [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\InfoPathMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:51] 3124484 ___RA () BD685071E032B03CDF146E8478490F95 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\InfoPathMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:51] 0001491 ___RA () F0434938DBDB72C1135F06E99551E1B3 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\InfoPath.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:51] 0002112 ___RA () 3796814AD45DA37DAB6BB8508C19EC5D [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\GrooveMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:51] 2508036 ___RA () C517E8D2C818AAEEE5A64859AE22CF8D [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\GrooveMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:51] 0001173 ___RA () B84D04E0ECBE6EB555F751F7B18F60D2 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Groove.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:51] 0001712 ___RA () 6DB3A4987E5164D7775388FD1ADF8042 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\ExcelMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 2506500 ___RA () 7E9A533BB97A2E7586C39E17B1B3D3EB [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\ExcelMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001825 ___RA () 527BADC384A49E584C542EAAA409A483 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Excel.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0002556 ___RA () B4A2F1869AF37166E89A64E047283270 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\AccessMUISet.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0869124 ___RA () 83C12923843AE877410EB66B666B351B [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\AccessMUISet.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001079 ___RA () 0C7B05288E32825174B6313CEAB82E32 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\setup.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0002884 ___RA () C02E6741FD8EB464A8122399F5139E03 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\AccessMUI.msi.crypt
[2011-12-11 20:29][2010-03-30 17:47] 2517764 ___RA () 7FE95E056E7BE061C898DB990317904D [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\AccessMUI.xml.crypt
[2011-12-11 20:29][2010-03-30 17:47] 0001609 ___RA () DC07BA41FBFBCA9561D216D94A69A166 [File not signed]

C:\IUware Online\Office 2010 Professional Plus - 64bit\Access.en-us\Access.en-us\branding.xml.crypt
[2011-12-11 20:29][2010-03-27 17:14] 0596601 ___RA () D9DB933925A9AE262726025C8FCFF45C [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\Adobe Photoshop Elements 10.msi.crypt
[2011-12-12 04:04][2011-09-07 06:58] 30331140 ___RA () FBCF8203BD76F594590150398A4F42F9 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ols_config.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0001082 ___RA () FC6E1BE4F9290B4865C38868FB28D466 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ols_config_education.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0001227 ___RA () 0048BBBF2F60C85BD699669FA39688FD [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\resources\setup.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0000911 ___RA () 9D781EF9CF1173B6BA16747057ADFA23 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0178436 ___RA () EFC2F9E6776B1ED94EB1C243C4733F1F [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\Setup.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0001221 ___RA () 3A4830FE93517113CCA1C2C1CBFB6FD6 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\Assets1_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0000438 ___RA () A7F2883EFEC45F05F60693BA7D783E3F [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 48D180EC1B82F067486BE59EA7CA18BA [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0010035 ___RA () 4B1B984ADA8A2A7983220668F215591C [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0025860 ___RA () B0C3AD250EDB4DF5195235A84D78C204 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\PSE10STIInstaller.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0005985 ___RA () 862B0EA545B412F6D29FB19590CB693D [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\PSE10STIInstaller\PSE10STIInstaller.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0007566 ___RA () 369C795D71E4BEECC8E56524C7582DD3 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\Assets2_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 6755161 ___RA () 270DA48BE548B2FB7AB2945E17A5952D [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\CameraRawForElements6.4All-x64.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0006487 ___RA () AF002FEFF0B530EB09482968842F9816 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\CameraRawForElements6.4All-x64.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0009093 ___RA () B47A553981C4CBBBAE88667A10FA9061 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 8CE20D68EB0318BFCD2988E38EBFD841 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0013186 ___RA () 1CC647AA22D3A3F65F81B94F7661E1DE [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All-x64\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0029956 ___RA () 4602B7C828E8B85921B4DE12B0FE5166 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\Assets2_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 5824550 ___RA () 5A9AFADDFC100144326235AF32B59FEF [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\CameraRawForElements6.4All.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0006015 ___RA () 6585A504BD3A6C6EB419526818A31411 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\CameraRawForElements6.4All.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0009931 ___RA () C25051776F686827FC2F669F7740A890 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 0137B70B1D3CFEB06DA19415ED495073 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0013997 ___RA () 99DA64D6AC15EFA5880DCAC552D2EE69 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\CameraRawForElements6.4All\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0029956 ___RA () 6AD348037C29C2EA825ADE7A52A1E37A [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0005992 ___RA () 4487243CBF0C7BD199C5F16C5FBF2860 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0012124 ___RA () 99B86844A6F0D0C8068FAC3905C54584 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\Assets2_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 1673792 ___RA () A7302562534EDADF61A87906C7E59D35 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0161028 ___RA () 3395BE147F5BE4E475D15137E9F733AD [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0023879 ___RA () AC43C2D18A3A060D923FED108563BEDE [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeXMPPanelsAll\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0044292 ___RA () 6343498D6ECAE63EDCE3FB8FD2515B09 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\AdobeHelp.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0003109 ___RA () CD006D0F19858D891F52E4C0B3276806 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0004587 ___RA () C884FA61CC3EFC23CE3CA4534A4791AC [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeHelp\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0020740 ___RA () 77B165118592917A46C2B6CE87939F29 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\6.4.071.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0002499 ___RA () 2C338CD68457BC8FDFE6074C2A635D2B [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\AdobeCameraRawProfile6.0All-190511105927.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0006322 ___RA () F2A6B903A262F290CA4CC7D5795308C6 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\AdobeCameraRawProfile6.0All-190511105927.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0008574 ___RA () D9ACA78064B9B89484D29FDFC3DF1365 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Assets1_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0000447 ___RA () 7885D9922E766360CA14662409215222 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Assets2_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 28384064 ___RA () 9C32A63904E2ABCF8A0713E3873B6C65 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0283908 ___RA () 1017D501FB6760149E2DD560298459D4 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0012081 ___RA () F09100D7A59BBBF2D54896B9503E479F [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All-190511105927\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0026884 ___RA () C9A6C669F0E772DCF53C63AC611A11E2 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\AdobeCameraRawProfile6.0All.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0006261 ___RA () 8E37B7714F7099DF0B8E0AB3B0705BB6 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\AdobeCameraRawProfile6.0All.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0020928 ___RA () 24495D149F2222EF8CA3CAC717BF4111 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\Assets2_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 61721770 ___RA () [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0259332 ___RA () 931E795BF26115D7E8F577E99523C482 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0052142 ___RA () 33BA19BBA68A0F7C6CB33FC4BBAF5E6E [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeCameraRawProfile6.0All\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0082180 ___RA () 1F9487784CEB44EE9333508787F7EE51 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\AdobeAPE3.101-mul.boot.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0006614 ___RA () C49C7BCAE44F4754A0C9312E89879DB0 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\AdobeAPE3.101-mul.proxy.xml.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0016680 ___RA () 1EBF42384E44D006FDCB1B773C0D58B6 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\Assets1_1.zip.crypt
[2011-12-15 12:10][2011-09-07 06:59] 9406057 ___RA () 979F967A0FED4F60FF2371A9F42700EA [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\Install.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0072964 ___RA () 2ABBDA92047BED85BE653AF7AAD70C1A [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\media.sql.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0019724 ___RA () D957E1EF26C9D34E8AB75F5BDF3B7781 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\payloads\AdobeAPE3.101-mul\Media_db.db.crypt
[2011-12-15 12:10][2011-09-07 06:59] 0033028 ___RA () 68CB3F39E1EE732EC57B613F3ADF33BD [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\PSE10STIInstaller.install.xml.crypt
[2011-12-15 12:09][2011-09-07 06:59] 0000743 ___RA () CBD12E42F5426FD907A4C0770AE20937 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsSTIInstaller\deploy\PSE10STIInstaller.remove.xml.crypt
[2011-12-15 12:09][2011-09-07 06:59] 0000829 ___RA () C52002698CBE6C248F84E1209963CF96 [File not signed]

C:\IUware Online\Adobe Photoshop Elements 10\ElementsOrganizer\Elements 10 Organizer.msi.crypt
[2011-12-15 12:09][2011-09-07 06:59] 25458948 ___RA () 7D09785E5971EC8E32734082FA20AA97 [File not signed]

C:\IUware Online\Adobe Acrobat X\AcroPro.msi.crypt
[2011-12-12 04:03][2010-10-25 18:48] 8297732 ___RA () B0BF2F7CBF3E4EAD972A07AC5453A254 [File not signed]

C:\CertificationUtility\ca_certificate.cer.crypt
[2012-01-03 17:03][2012-01-03 18:04] 0001218 ___RA () 9EDD94D6F46CB003F9A7151695657402 [File not signed]

====== End of Search ======

lwayne14 · September 26, 2016

I know you're busy, but I've identified the issue with QuickBooks is an inability to access .NET... I try to install .NET 3.5, and I keep being told "Access is denied". Could this be a virus issue?

Thanks...

Aura · September 26, 2016

Which version of QuickBooks are you using, 2009?

lwayne14 · September 26, 2016

I was using QuickBooks 2009. Now we've downloaded QuickBooks 2017 and we're getting the same error message.

Also, I tried your link for the Ransom Note Cleaner, and my antivirus says it's an infected link.

Aura · September 26, 2016

Do you get the error when installing QuickBooks, or launching it? Can you screenshot the error message and post it here?

Also, it's a false positive from your Antivirus. You can disable it while you download and run RansomNoteCleaner.

lwayne14 · September 26, 2016

QuickBooks issue has been resolved! Up and running on 2017 version with no loss of data from the 2009 version.

I will retry RansomNoteCleaner.

So what are the next steps here?

Aura · September 26, 2016

Not much left to do here. Most of the encrypted files are in the IUware Online folder and it looks like a folder for Adobe, Office, etc. installs. Do you know it?

lwayne14 · September 26, 2016

Yes...that's what it is. A setup folder for software installs.

Aura · September 26, 2016

So you might need to uninstall the programs installed there and reinstall them, since they've been compromised by the ransomware. Did you manage to run RansomNoteCleaner to clean the ransom notes?

lwayne14 · September 26, 2016

I think I will just delete all of the encrypted files. None of them are particularly important.

The RansomNote software is still running...it's about half way through the C:/ partition.

What AntiVirus shields do you recommend I should be using?

Aura · September 26, 2016

If you're talking about avast!, I cannot tell you exactly since I don't use it. If you're talking about Antivirus recommendations, I'll give you some in my closing speech

Let me know once you're done cleaning the ransom notes.

Meanwhile...

Outdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. Otherwise, you can update them right now, and make sure that their outdated version is uninstalled after. We will reinstall these programs at the end of the clean-up if you decide to uninstall them now, and need them after.

Adobe Flash Player 11 Plugin
Adobe AIR
Adobe Shockwave Player 11.6
Java 8 Update 71
WinRAR 4.20 (32-bit)

If you have an issue when uninstalling a program, please let me know.

I think I have Ransom Ware...please help!

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information