Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop runs slow

Started by John Aukerman , May 11 2016 08:21 AM

  • This topic is locked This topic is locked

#16
zep516
Posted 14 May 2016 - 08:50 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Thanks for the logs let me take another look. Any changes in behavior at start up ?
  • 0

Advertisements

#17
John Aukerman
Posted 15 May 2016 - 04:51 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

No changes at startup. Same two programs still ask for permission to run.


  • 0

#18
zep516
Posted 15 May 2016 - 02:57 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
What other issues, still High cpu / memory use too ?
  • 0

#19
John Aukerman
Posted 15 May 2016 - 03:16 PM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

It still runs very slow. CPU usages continues at 100% all the time. And Synaptics Touch Pad Helper still asks for permission to run at every start up.


  • 0

#20
zep516
Posted 15 May 2016 - 03:18 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Lets look a little deeper, run combofix, most important disable Avast realtime scanning and download Combofix to the desktop.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer



Please post the Log from Combofix
  • 0

#21
John Aukerman
Posted 15 May 2016 - 03:26 PM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

Avast disabled. Starting to download Combofix.


  • 0

#22
John Aukerman
Posted 15 May 2016 - 07:18 PM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

I ran ComboFix twice now. No log to be found.


  • 0

#23
zep516
Posted 15 May 2016 - 07:22 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Nothing on the c drive ?

Should be at--> C/combofix.txt
  • 0

#24
John Aukerman
Posted 15 May 2016 - 08:28 PM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

No. I was looking on the desktop. But now I looked in C: and it's not there either.

 

You wrote, "Double click on combofix.exe & follow the prompts." But there were no prompts it just started extracting files. I don't know how long it ran, because I watched for a while then walked away. I have now run it three times. No combofix.txt anywhere on the computer.


  • 0

#25
zep516
Posted 15 May 2016 - 08:33 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Don't run it anymore.

Post another frst log so I can see what or if combofix did anything.
  • 0

Advertisements

#26
John Aukerman
Posted 16 May 2016 - 05:10 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by Acer Owner (administrator) on ASPIRE-5517 (15-05-2016 22:39:53)
Running from C:\Users\Acer Owner\Desktop
Loaded Profiles: Acer Owner (Available Profiles: Acer Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\32788R22FWJFW\License\iexplore.exe
(Microsoft Corporation) C:\32788R22FWJFW\cmd.3XE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-09-12] (Corel, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PdxRegCl] => c:\Program Files (x86)\Corel\Paradox\Programs\PdxRegCl.exe [54632 2010-03-10] (Corel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [Adobe Photo Downloader] => "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\cryptopreventsetup.exe <====== ATTENTION
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\...\Run: [Global Registration] => "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-06] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2539EDCB-3B65-45A6-A8D1-FFB335216F52}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D3D2E87F-7419-4B3D-9F3E-DA6AB638F12A}: [DhcpNameServer] 192.168.200.2

Internet Explorer:
==================
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360315f735l03e4z155t48j2x228
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360315f735l03e4z155t48j2x228
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Acer Owner\AppData\Roaming\Mozilla\Firefox\Profiles\n3oox4og.default-1452173319833
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.facebook.com/?_rdr=p
hxxps://mail.google.com/mail/u/0/#inbox
hxxps://calendar.google.com/calendar/render?tab=mc#main_7%7Cday-1+23590+23590+23590
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-02]
CHR Extension: (Google Drive) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02]
CHR Extension: (YouTube) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02]
CHR Extension: (Google Search) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02]
CHR HKU\S-1-5-21-256707101-2596442264-1035872815-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-11] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-22] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 22:41 - 2016-05-15 22:42 - 00000000 ___SD C:\ComboFix
2016-05-15 22:39 - 2016-05-15 22:44 - 00047466 _____ C:\Users\Acer Owner\Desktop\FRST.txt
2016-05-15 21:09 - 2016-05-15 21:09 - 00000000 ___RD C:\Users\Acer Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2016-05-15 17:34 - 2016-05-15 22:41 - 00000000 ____D C:\Qoobox
2016-05-15 17:31 - 2016-05-15 17:31 - 00000000 ____D C:\Windows\erdnt
2016-05-15 17:27 - 2016-05-15 17:27 - 05658358 ____R (Swearware) C:\Users\Acer Owner\Desktop\ComboFix.exe
2016-05-15 17:26 - 2016-05-15 17:26 - 00000000 ____D C:\0c8b2379cf4b9ac95189f50605
2016-05-13 07:55 - 2016-05-13 07:58 - 01610816 _____ (Malwarebytes) C:\Users\Acer Owner\Desktop\JRT.exe
2016-05-12 21:10 - 2016-05-13 07:09 - 00000000 ____D C:\AdwCleaner
2016-05-12 21:08 - 2016-05-12 21:09 - 03640384 _____ C:\Users\Acer Owner\Desktop\adwcleaner_5.116.exe
2016-05-11 20:43 - 2016-05-15 22:39 - 00000000 ____D C:\FRST
2016-05-11 20:40 - 2016-05-14 18:51 - 02382336 _____ (Farbar) C:\Users\Acer Owner\Desktop\FRST64.exe
2016-05-11 10:23 - 2016-05-11 16:01 - 00000000 ____D C:\Program Files\Intel
2016-05-11 10:12 - 2016-05-11 10:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-11 10:11 - 2016-05-11 10:10 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-11 10:08 - 2016-05-11 10:08 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-23 06:32 - 2016-04-23 06:32 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2016-04-23 06:32 - 2016-04-23 06:32 - 00001176 _____ C:\Users\Acer Owner\CryptoPrevent.lnk
2016-04-23 06:32 - 2016-04-23 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2016-04-23 06:32 - 2016-04-23 06:32 - 00000000 ____D C:\ProgramData\Foolish IT
2016-04-23 06:32 - 2016-04-23 06:32 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2016-04-22 18:38 - 2016-05-11 10:34 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1461364672
2016-04-22 18:38 - 2016-04-22 18:38 - 00001041 _____ C:\Users\Acer Owner\Avast SafeZone Browser.lnk
2016-04-22 18:38 - 2016-04-22 18:38 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-22 18:37 - 2016-05-11 10:06 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-22 18:34 - 2016-04-23 06:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-22 18:34 - 2016-04-22 18:34 - 00001926 _____ C:\Users\Acer Owner\Avast Free Antivirus.lnk
2016-04-22 18:34 - 2016-04-22 18:34 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-22 18:34 - 2016-04-22 18:34 - 00000000 ____D C:\Users\Acer Owner\AppData\Roaming\AVAST Software
2016-04-22 18:34 - 2016-04-22 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-22 18:33 - 2016-05-15 17:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-22 18:33 - 2016-05-11 10:10 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-22 18:33 - 2016-05-11 10:10 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-22 18:33 - 2016-05-11 10:10 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-22 18:33 - 2016-05-11 10:10 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-22 18:33 - 2016-05-11 10:10 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-22 18:33 - 2016-05-11 10:10 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-22 18:33 - 2016-05-11 10:10 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-22 18:33 - 2016-05-11 10:07 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-22 18:31 - 2016-04-22 18:36 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-22 18:30 - 2016-04-22 18:36 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-22 17:33 - 2015-12-16 14:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-04-22 17:33 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-04-22 17:33 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-04-22 17:33 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-04-22 17:33 - 2015-12-16 14:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-04-22 17:33 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-04-22 17:33 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-04-22 17:33 - 2015-12-16 14:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-04-22 17:33 - 2015-12-16 10:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-04-22 17:33 - 2015-12-16 10:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-04-22 17:32 - 2016-03-09 15:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-04-22 17:32 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-22 17:32 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-22 17:32 - 2016-03-09 14:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-04-22 17:32 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-22 17:32 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-22 17:32 - 2016-02-01 15:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-22 17:32 - 2016-02-01 14:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-22 17:32 - 2016-02-01 14:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-22 17:32 - 2016-02-01 14:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-22 17:32 - 2016-02-01 14:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-22 17:32 - 2016-02-01 14:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-22 17:32 - 2016-02-01 14:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-22 17:32 - 2016-02-01 14:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-22 17:32 - 2016-02-01 14:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-22 17:32 - 2016-02-01 14:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-22 16:53 - 2016-04-22 16:54 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-22 16:53 - 2016-04-22 16:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-22 16:25 - 2016-04-22 16:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-22 15:27 - 2016-04-22 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-22 15:26 - 2016-04-22 15:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 15:26 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-22 15:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-22 15:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-22 12:42 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-04-22 12:42 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-04-22 12:42 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-04-22 12:42 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-04-22 12:41 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-04-22 12:41 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-04-22 12:41 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-04-22 12:41 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-04-22 12:41 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-04-22 12:41 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-04-22 12:41 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-04-22 12:41 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-04-22 12:41 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-04-22 12:41 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-04-22 12:41 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-04-22 12:41 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-04-22 12:38 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-22 12:38 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-22 12:38 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-22 12:38 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-22 12:38 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-22 12:38 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-22 12:38 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-22 12:38 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-22 12:38 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-22 12:38 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-22 12:38 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-22 12:38 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-22 12:38 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-22 12:38 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-22 12:38 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-22 12:38 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-22 12:38 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-22 12:38 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-22 12:38 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-22 12:38 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-22 12:38 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-22 12:38 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-22 12:38 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-22 12:38 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-22 12:38 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-22 12:38 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-22 12:38 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-22 12:38 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-22 12:38 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-22 12:38 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-22 12:38 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-22 12:38 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-22 12:38 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-22 12:38 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-22 12:38 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-22 12:38 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-22 12:38 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-22 12:38 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-22 12:38 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-22 12:38 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-22 12:38 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-22 12:38 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-22 12:38 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-22 12:38 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-22 12:38 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-22 12:38 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-22 12:38 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-22 12:38 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-22 12:38 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-22 12:38 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-22 12:38 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-22 12:38 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-22 12:37 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-22 12:37 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-22 12:37 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-22 12:37 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-22 12:37 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-22 12:37 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-22 12:37 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-22 12:37 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-22 12:37 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-22 12:37 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-22 12:37 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-22 12:37 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-22 12:37 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-22 12:34 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-04-22 12:34 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-04-22 12:33 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-04-22 12:33 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-04-22 12:26 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-22 12:26 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-22 12:26 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-22 12:26 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-22 12:26 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-22 12:26 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-22 12:26 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-22 12:26 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-22 12:26 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-22 12:26 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-22 12:26 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-22 12:26 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-22 12:26 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-22 12:26 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-22 12:26 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-22 12:26 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-22 12:26 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-22 12:26 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-22 12:26 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-22 12:26 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-22 12:26 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-22 12:26 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-22 12:26 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-22 12:26 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-22 12:26 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-22 12:26 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-22 12:26 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-22 12:26 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-22 12:26 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-22 12:26 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-22 12:26 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-22 12:26 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-22 12:26 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-22 12:26 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-22 12:26 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-22 12:26 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-22 12:26 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-22 12:26 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-22 12:26 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-22 12:26 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-22 12:26 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-22 12:26 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-22 12:26 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-22 12:26 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-22 12:26 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-22 12:26 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-22 12:26 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-22 12:26 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-22 12:26 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-22 12:26 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-22 12:26 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-22 12:25 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-22 12:25 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-22 12:25 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-22 12:25 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-22 12:25 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-22 12:25 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-22 12:25 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-22 12:25 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-22 12:25 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-22 12:25 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-22 12:25 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-22 12:25 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-22 12:25 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-22 12:25 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-22 12:25 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-22 12:09 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-22 12:09 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-22 12:09 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-22 12:09 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-22 12:09 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-22 12:09 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-22 12:09 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-22 12:09 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-22 11:50 - 2016-04-22 16:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-22 11:50 - 2016-04-22 11:50 - 00001945 _____ C:\Windows\epplauncher.mif
2016-04-22 11:49 - 2016-01-22 02:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-22 11:49 - 2016-01-22 02:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-04-22 11:49 - 2016-01-22 02:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-22 11:49 - 2016-01-22 02:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-04-22 11:49 - 2016-01-22 01:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-04-22 11:49 - 2016-01-22 01:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-04-22 11:41 - 2016-04-22 11:44 - 00001655 _____ C:\DelFix.txt
2016-04-22 11:41 - 2016-04-22 11:41 - 00000000 ____D C:\Windows\ERUNT
2016-04-21 15:38 - 2016-05-11 12:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-21 15:38 - 2016-04-21 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-21 15:30 - 2016-04-21 15:30 - 00003196 _____ C:\Windows\System32\Tasks\{A0317D07-F00C-4A9E-B226-EA883032474A}
2016-04-21 14:48 - 2016-04-21 14:48 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-04-21 14:48 - 2016-04-21 14:48 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-04-21 14:48 - 2016-04-21 14:48 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-04-21 14:48 - 2016-04-21 14:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-04-21 14:48 - 2016-04-21 14:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-04-21 14:48 - 2016-04-21 14:48 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-04-21 14:48 - 2016-04-21 14:48 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-04-17 19:15 - 2016-04-17 19:15 - 00000000 ____D C:\Users\Acer Owner\Documents\My Corel Shows
2016-04-17 19:15 - 2016-04-17 19:15 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\Corel
2016-04-17 19:13 - 2016-04-17 19:13 - 00000952 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2016-04-15 19:30 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-15 19:30 - 2016-01-06 15:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-04-15 19:30 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-04-15 19:30 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-04-15 19:30 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-04-15 19:30 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-04-15 19:30 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-04-15 19:30 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-04-15 19:30 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-04-15 19:30 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-04-15 19:30 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-04-15 19:30 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-04-15 19:30 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-04-15 19:30 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-04-15 19:30 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-04-15 19:30 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-04-15 19:30 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-04-15 19:30 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-04-15 19:30 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-04-15 19:30 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-15 19:30 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-04-15 19:29 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-15 19:29 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-15 19:29 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-15 19:29 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-15 19:29 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-15 19:29 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-15 19:29 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-04-15 19:29 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-04-15 19:29 - 2015-10-29 13:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-04-15 19:29 - 2015-10-29 13:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-04-15 19:29 - 2015-10-29 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-04-15 19:29 - 2015-10-29 13:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-04-15 19:29 - 2015-10-29 13:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-04-15 19:29 - 2015-10-29 13:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-04-15 19:29 - 2015-10-29 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-04-15 19:29 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-04-15 19:29 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-04-15 19:29 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-15 19:28 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-15 19:28 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-15 19:28 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-15 19:28 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-15 19:28 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-15 19:28 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-15 19:28 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-15 19:28 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-15 19:28 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-15 19:28 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-04-15 19:28 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-15 19:28 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-04-15 19:28 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-04-15 19:28 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-15 19:28 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-04-15 19:28 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-15 19:28 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-15 19:28 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-15 19:28 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-04-15 19:28 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-15 19:28 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-04-15 19:28 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-04-15 19:28 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-15 19:28 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-15 19:28 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-15 19:28 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-04-15 19:28 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-15 19:28 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-04-15 19:28 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-04-15 19:28 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-04-15 19:28 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-04-15 19:28 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-04-15 19:28 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-04-15 19:28 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-04-15 19:28 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-04-15 19:28 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-04-15 19:28 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-04-15 19:28 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-04-15 19:28 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-04-15 19:28 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-04-15 19:28 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-04-15 19:28 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-04-15 19:28 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-04-15 19:28 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-04-15 19:28 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-04-15 19:28 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-04-15 19:28 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-04-15 19:14 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-04-15 19:14 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-04-15 19:14 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-04-15 19:14 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-04-15 19:07 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-15 19:07 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-15 19:07 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-04-15 19:07 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-04-15 19:07 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-04-15 19:07 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-04-15 19:07 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-04-15 19:07 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-04-15 19:07 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-04-15 19:07 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-04-15 19:07 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-04-15 19:07 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-04-15 19:07 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-15 18:35 - 2015-12-08 17:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-04-15 18:35 - 2015-12-08 15:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-04-15 18:35 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-04-15 18:35 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-04-15 17:21 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-04-15 17:21 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-04-15 17:21 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-04-15 17:21 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-04-15 17:21 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-04-15 17:16 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-15 12:26 - 2016-04-15 12:26 - 00000000 ____D C:\Users\Acer Owner\AppData\Roaming\TeamViewer
2016-04-15 12:25 - 2016-04-22 18:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-15 10:48 - 2016-04-15 10:48 - 00000000 ____D C:\10e66eaf817b553b4a
2016-04-15 10:42 - 2016-04-15 10:42 - 00000000 ____D C:\97cf06725a756c51cb2ccc160a4ea2fb
2016-04-15 07:53 - 2016-04-15 07:53 - 00000000 ____D C:\ea00df742bc09c4fc3b7cd

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 22:58 - 2016-01-07 10:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 22:51 - 2015-10-05 13:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 22:30 - 2016-01-08 12:30 - 00003368 _____ C:\Windows\System32\Tasks\Acer Registration Data Sending
2016-05-15 22:30 - 2016-01-08 12:30 - 00000354 _____ C:\Windows\Tasks\Acer Registration Data Sending.job
2016-05-15 21:27 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 21:27 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 21:11 - 2016-01-07 09:52 - 00000000 ___RD C:\Users\Acer Owner\Google Drive
2016-05-15 21:09 - 2015-10-05 13:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 21:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 17:28 - 2015-10-21 14:37 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\CrashDumps
2016-05-15 15:21 - 2015-10-05 13:28 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 18:37 - 2016-01-07 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-13 20:09 - 2016-01-07 10:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 20:07 - 2016-01-07 10:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 20:07 - 2016-01-07 10:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 07:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-12 20:48 - 2015-03-25 14:56 - 00000000 ____D C:\Users\Acer Owner
2016-05-11 15:58 - 2015-03-25 18:48 - 00000000 ____D C:\Users\Acer Owner\AppData\Roaming\Skype
2016-05-11 12:19 - 2015-10-05 13:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 12:00 - 2015-03-25 18:47 - 00000000 ____D C:\ProgramData\Skype
2016-05-11 11:54 - 2016-04-12 06:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-23 06:36 - 2009-07-14 00:45 - 00487544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-23 06:29 - 2015-10-05 13:29 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\Adobe
2016-04-22 18:30 - 2015-03-25 14:56 - 00136744 _____ C:\Users\Acer Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-22 17:58 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-22 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2016-04-22 17:38 - 2015-03-26 16:33 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-22 17:13 - 2015-03-25 19:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-22 17:13 - 2015-03-25 19:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-22 17:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-22 16:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-22 06:57 - 2015-10-05 13:30 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-21 15:38 - 2015-03-25 18:48 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\Skype
2016-04-21 15:34 - 2015-10-05 13:33 - 00000000 ____D C:\Program Files\Java
2016-04-21 15:34 - 2015-10-05 13:30 - 00000000 ____D C:\ProgramData\Oracle
2016-04-21 15:31 - 2015-10-05 13:32 - 00000000 ____D C:\Users\Acer Owner\.oracle_jre_usage
2016-04-21 15:22 - 2015-03-25 15:00 - 00001417 _____ C:\Users\Acer Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-21 15:05 - 2015-03-25 15:58 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 14:40 - 2015-10-05 13:34 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-04-17 19:27 - 2015-03-25 17:44 - 00000000 ____D C:\Program Files (x86)\Corel
2016-04-17 19:26 - 2015-03-25 17:47 - 00000000 ____D C:\ProgramData\Corel
2016-04-17 19:26 - 2015-03-25 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X5
2016-04-17 19:26 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
2016-04-17 19:19 - 2015-10-05 13:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-17 19:18 - 2015-03-25 18:06 - 00000031 _____ C:\Windows\QUICKEN.INI
2016-04-17 19:13 - 2015-03-25 18:01 - 00000000 ____D C:\Users\Acer Owner\Documents\My PSP Files
2016-04-17 19:13 - 2015-03-25 18:01 - 00000000 ____D C:\Users\Acer Owner\AppData\Roaming\Corel
2016-04-17 16:57 - 2015-10-05 13:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-17 16:57 - 2015-10-05 13:39 - 00000000 ____D C:\ProgramData\Apple
2016-04-17 16:51 - 2015-10-05 13:41 - 00000000 ____D C:\ProgramData\Apple Computer
2016-04-17 16:29 - 2015-10-23 12:13 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\ElevatedDiagnostics
2016-04-16 07:18 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-15 20:46 - 2015-03-25 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-15 20:44 - 2015-03-25 18:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-15 20:44 - 2015-03-25 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-15 20:23 - 2015-03-25 18:38 - 00000000 ____D C:\Windows\system32\MRT
2016-04-15 20:17 - 2015-03-25 18:38 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-15 15:23 - 2015-03-30 13:40 - 00000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2016-04-02 08:41 - 2016-04-02 08:41 - 0007602 _____ () C:\Users\Acer Owner\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2016-04-18 18:16

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by Acer Owner (2016-05-15 23:01:50)
Running from C:\Users\Acer Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-03-25 18:56:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Acer Owner (S-1-5-21-256707101-2596442264-1035872815-1000 - Administrator - Enabled) => C:\Users\Acer Owner
Administrator (S-1-5-21-256707101-2596442264-1035872815-500 - Administrator - Disabled)
Guest (S-1-5-21-256707101-2596442264-1035872815-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.001.0000 - Corel Corporation)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815m.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Google Chrome (HKLM-x32\...\{01EF2457-B546-3A54-8F9A-065EA5221A9C}) (Version: 66.101.32869 - Google, Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (x32 Version: 11.4 - Corel Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-256707101-2596442264-1035872815-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-256707101-2596442264-1035872815-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003803FB-952D-4488-9EDD-D7AB6203CB15} - System32\Tasks\{A0317D07-F00C-4A9E-B226-EA883032474A} => pcalua.exe -a "C:\Users\Acer Owner\Desktop\jre-8u91-windows-i586-iftw.exe" -d "C:\Users\Acer Owner\Desktop"
Task: {267BD7A8-BFC0-41F8-A059-77B47D4E95DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {5D118F01-C8FB-49A4-9259-5FE50AFBCFA4} - System32\Tasks\Acer\Acer Assist\New Message Check - Acer Owner => C:\Program Files (x86)\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {5D4A3ED6-C92C-4DE1-9EF7-484ECCA8DE3F} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {71A834CF-3F8F-4626-A70B-69FDE3010F14} - System32\Tasks\Acer Registration Data Sending => C:\Program Files (x86)\Acer\Registration\GREG.exe [2009-07-31] (Acer Incorporated)
Task: {7E98DD19-668D-47CA-9673-E6152B2F12CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {87111CE7-0280-4567-BC24-A28BD81178D3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-22] (AVAST Software)
Task: {C741529C-6A63-4038-B98A-99B38339B7F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {D18CAA4C-A361-48AC-AF73-BCCFE84E5057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {F345BD9C-83BF-4D68-A429-50E0C54BE130} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-11] (AVAST Software)
Task: {FB51EED6-51F1-4680-95AB-BC67EA980558} - System32\Tasks\SafeZone scheduled Autoupdate 1461364672 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Acer Registration Data Sending.job => C:\Program Files (x86)\Acer\Registration\GREG.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-05 13:35 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2009-07-07 17:09 - 2009-07-07 17:09 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-03-25 14:59 - 2015-03-25 14:59 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-15 17:12 - 2016-05-15 17:12 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051502\algo.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-15 21:09 - 2016-05-15 21:09 - 00098816 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32api.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00110080 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\pywintypes27.dll
2016-05-15 21:09 - 2016-05-15 21:09 - 00364544 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\pythoncom27.dll
2016-05-15 21:09 - 2016-05-15 21:09 - 00320512 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32com.shell.shell.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00776704 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_hashlib.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 01176576 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._core_.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00806400 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._gdi_.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00816128 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._windows_.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 01067008 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._controls_.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00733184 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._misc_.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00682496 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\pysqlite2._sqlite.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00088064 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_ctypes.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00119808 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32file.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00108544 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32security.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00007168 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\hashobjs_ext.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00017920 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\thumbnails_ext.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00088064 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\usb_ext.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00167936 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32gui.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00018432 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32event.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00046080 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_socket.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 01208320 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_ssl.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00128512 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_elementtree.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00127488 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\pyexpat.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00012288 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\common.time34.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00038912 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32inet.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00036864 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_psutil_windows.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00525208 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\windows._lib_cacheinvalidation.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00011264 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32crypt.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00077312 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._html2.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00027136 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_multiprocessing.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00020480 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\_yappi.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00035840 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32process.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00686080 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\unicodedata.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00078848 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._animate.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00123392 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\wx._wizard.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00024064 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32pipe.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00010240 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\select.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00025600 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32pdh.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00017408 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32profile.pyd
2016-05-15 21:09 - 2016-05-15 21:09 - 00022528 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI28922\win32ts.pyd
2016-04-22 18:33 - 2016-04-22 18:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-01-07 10:29 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256707101-2596442264-1035872815-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77EA6C8F-5739-48FF-B14B-58F7E0DF9DCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2CC16AD-4EA2-4862-849C-5F968A6D4631}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B46768F3-DB4E-45FF-9013-098BE94FBFA3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E2D3D435-0A25-47F5-BCB3-2AEC9EBA0C67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-05-2016 11:56:17 ASU_MSI_TRAN
12-05-2016 20:43:20 Restore Point Created by FRST
13-05-2016 08:15:18 JRT Pre-Junkware Removal
13-05-2016 20:21:31 JRT Pre-Junkware Removal
14-05-2016 18:59:17 Restore Point Created by FRST
15-05-2016 12:53:16 Windows Update
15-05-2016 17:21:42 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2016 05:27:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: wucltux.dll, version: 7.6.7601.19161, time stamp: 0x56be29ef
Exception code: 0xc0000005
Fault offset: 0x000000000007abc4
Faulting process id: 0x5ac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (05/14/2016 06:57:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6d88f9d5-b5fb-41b8-98f4-dfb1ba695ca7}

Error: (05/13/2016 07:31:58 AM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3960) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (05/13/2016 07:31:58 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3960) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/12/2016 08:43:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {11dcc20f-05a9-48e7-988c-1f9543a6be8e}

Error: (05/12/2016 09:17:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 9.5.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13ac

Start Time: 01d1abe732f541bc

Termination Time: 74

Application Path: C:\Users\Acer Owner\Desktop\FRST64.exe

Report Id:

Error: (05/11/2016 10:33:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mcafee.TrueKey.InstallerService.exe, version: 3.9.142.0, time stamp: 0x5702e1f0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002c7366
Faulting process id: 0x51c
Faulting application start time: 0xMcafee.TrueKey.InstallerService.exe0
Faulting application path: Mcafee.TrueKey.InstallerService.exe1
Faulting module path: Mcafee.TrueKey.InstallerService.exe2
Report Id: Mcafee.TrueKey.InstallerService.exe3

Error: (05/11/2016 10:33:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Mcafee.TrueKey.InstallerService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at Mcafee.TrueKey.InstallerService.InstallerSvc.OnStop()
   at System.ServiceProcess.ServiceBase.DeferredStop()
   at Mcafee.TrueKey.InstallerService.InstallerSvc.RemoveTrueKeyInstaller()
   at Mcafee.TrueKey.InstallerService.InstallerSvc.AutoResetMethod()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (05/11/2016 10:33:31 AM) (Source: InstallerService) (EventID: 0) (User: )
Description: Failed to stop service. System.NullReferenceException: Object reference not set to an instance of an object.
   at Mcafee.TrueKey.InstallerService.InstallerSvc.OnStop()
   at System.ServiceProcess.ServiceBase.DeferredStop()

Error: (05/11/2016 10:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process id: 0x13a0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (05/15/2016 09:08:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/15/2016 09:08:43 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/15/2016 09:08:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:43:45 PM on ‎5/‎15/‎2016 was unexpected.

Error: (05/15/2016 05:35:55 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/15/2016 05:35:55 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/15/2016 05:36:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:35:00 PM on ‎5/‎15/‎2016 was unexpected.

Error: (05/15/2016 05:12:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

Error: (05/15/2016 05:10:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

Error: (05/15/2016 05:06:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/15/2016 05:05:40 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


==================== Memory info ===========================

Processor: AMD Athlon™ Processor TF-20
Percentage of memory in use: 58%
Total physical RAM: 3836.05 MB
Available physical RAM: 1584.93 MB
Total Virtual: 7670.29 MB
Available Virtual: 5608.36 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:39.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: A79E6F45)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#27
John Aukerman
Posted 16 May 2016 - 09:08 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

Computer is running at normal speed. And startup has returned to normal operation.


  • 0

#28
John Aukerman
Posted 17 May 2016 - 07:19 PM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts
Thanks for your help. This was so similar to the problem I had last month. Can you tell what was wrong -- and what I can do to prevent it from returning?
  • 0

#29
zep516
Posted 17 May 2016 - 09:12 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Let me get back to you. The cable company was here today at the house and now nothing is working.
  • 0

#30
John Aukerman
Posted 22 May 2016 - 04:58 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

I understand that. I hope your internet is OK by now.

 

Lat month, when this happened, my support guy just kind of vanished before my computer was secure. And maybe that's why the infection returned? So I hope you can walk me through the final steps to protect this machine from further infections.

 

Thanks for all you've done so far.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP