Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

givemegreenbottle.icu [Solved]

Started by Lovltn848 , Jul 24 2019 08:59 PM

  • This topic is locked This topic is locked

#1
Lovltn848
Posted 24 July 2019 - 08:59 PM

Lovltn848

    Member

  • Member
  • PipPipPip
  • 237 posts

I was using Google trying to find some specific information about rabbits and I clicked a bad link. Ever since then I've been getting weird popups and they're running in the background. I'm getting notifications about Mcafee expiring (I've never used Mcafee) and that I've gotten a huge amount of money deposited into my Paypal. Obviously neither of these are true and I'm not going to click on them. Malware Bytes didn't pick up on anything.

 

Here are my Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Lauren (administrator) on LAURENSPC (SAMSUNG ELECTRONICS CO., LTD. 350V5C/350V5X/350V4C/350V4X/351V5C/351V5X/351V4C/351V4X/3540VC/3540VX/3440VC/3440VX) (24-07-2019 20:43:47)
Running from C:\Users\Lauren\Downloads
Loaded Profiles: Lauren (Available Profiles: Lauren)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google Inc -> Google LLC) C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\Pub\PubMonitor.exe.temp
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-08] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\Run: [Google Update] => C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.ZMBV] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-09] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-09-13] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-09-13] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {076348D8-9024-4FB2-9FD4-1EECB94B8DCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {07F73643-9EA7-4A2A-9981-1B7866410F8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0E09959D-370B-425D-9E4A-1C7AA384CF00} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3995256 2016-02-01] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {0E43D573-5F78-4F70-90C2-BA8977069BDC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {15510FD3-7F88-4064-8E10-8628FC0E974D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2154064 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {16B03F99-9ECE-44B0-931E-F58CC15CFEE0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F108A72-A5A8-4A80-B0CB-237C9E661F50} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5849872 2019-07-05] (IObit Information Technology -> IObit)
Task: {20D6E3C8-F71B-417F-B0A8-540656F713DC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {26DB9718-D0BA-406C-B0DB-5B0930592312} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6059664 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2FEB7C74-A9CC-4EEA-94A1-5408785B5896} - System32\Tasks\Open URL by RoboForm => C:\windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMOJGMNMHMGMJJPMJMCNPMIMNMNMCNLMNMJJOMCNGMMMJJLMCNOMIMLJKMMJJMMJKMIMNJKJMMJNJICMIMCNGMCNOMFMGMCNOMPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMFMPMJNHICMNJKIBJPMMMJNBJCMDLOJKINIKJBJJNKJCMJNNICMJNDJCMKJBJ"
Task: {348B62AC-B045-416F-9D52-053A5BBD8B8D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {349480A2-C63C-4A56-B332-EEEFE26F2769} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C1C812E-14EC-4E87-8EE5-93CAA13A8F5F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {4444609E-9B25-4547-AD9D-7FD71A21E190} - System32\Tasks\Uninstaller_SkipUac_Lauren => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5301520 2019-03-20] (IObit Information Technology -> IObit)
Task: {45F6825A-FB83-43EA-B363-11913B710278} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {4925625F-0FFE-4C31-ACF7-0818AF1D6654} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {5CF5B95C-C54B-4697-8C32-723C548D82B8} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3007760 2019-04-24] (IObit Information Technology -> IObit)
Task: {646249BF-D2DD-400C-AB78-A2C49C52C684} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {69887541-E547-4B2E-BEA5-AD20C17542E0} - System32\Tasks\Samsung Update Configuration => C:\ProgramData\Samsung\SamsungUpdateConfiguration\ModifyServerRefresh.exe [3440800 2019-03-12] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {6A7774AE-D53D-4146-9015-39DE88677CD4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6E25C5E7-F8D6-43B7-9566-32381CDB8BD6} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {74F8E0E2-6FD8-474C-BC06-2712B5370F05} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe [56320 2013-09-19] () [File not signed]
Task: {785DABBF-6B48-473F-975E-F6D7539582D6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {796EEE4B-387F-4AA1-A1F2-9FB62FDE79D3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {7D14737B-D103-4CC1-B310-D3F62CB7F849} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2491742788-3381537054-3154308567-1001Core => C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-11-22] (Google Inc -> Google Inc.)
Task: {7D222E19-F9D1-47D8-8DA4-CB344743718C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {7DCBE193-E3ED-4188-B137-E37CAE40621C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2491742788-3381537054-3154308567-1001UA => C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-11-22] (Google Inc -> Google Inc.)
Task: {7E50664C-0B5F-4E6C-978B-86BD722BA62E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7FEF46EE-5AD6-48E6-8BC0-9938B0573D5D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [136176 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {805F915E-B917-4788-A243-BF241A41CFE2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {80E4C15F-05B2-4D3A-BB23-ABF367DAFDBF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {89DC30C8-E920-481F-952C-54420B7A9CEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8AB9C945-DEBE-4568-A8AC-530C06188433} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8F39BE62-F98B-4583-A96D-7F822A973DF5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe
Task: {90684398-1137-41CA-9EB0-8171CBF89AA1} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {91662C14-A2E4-4849-A3D2-0F479B35531E} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2623096 2012-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
Task: {970788F8-2038-4B5E-801D-D610AAB952F0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9C2AC059-0E66-487A-841E-5BDFC37ABE34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {A5E6AFD0-FE2F-4890-9E1D-1A80F2ABDEF7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {A7CA392C-2127-4140-B0D3-9D964A70E8E7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26045472 2019-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADF87FF6-32AC-4DA4-99F4-D20304B2A2A9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B4A0ECF7-78E3-4AA3-AEE1-16849FA39C9C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [136176 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE57068B-DB18-47FE-AAFB-7AEC004690F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1100920 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C883CA17-4FED-496C-A9C7-418E8B61D6D6} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {C8D2C31E-3823-4C7F-87AA-9C1A8A67549B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA22282D-D6FA-4E71-BAD4-BFB58146A45C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CB7D6380-C785-449F-A769-6EBA4F31A9CB} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D2B9EF89-525F-4383-91AE-E40BB508CB90} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6059664 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DCCF1D78-0002-4884-B33C-98E8F50751FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD6E9523-2D55-4876-A5B5-C3B857E9EE3A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E17CE0E3-0EAE-451A-9B17-64C6B5F51E59} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {E6186C7C-9ED9-453E-BE79-798EF4795FDD} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [3148800 2015-08-18] (Samsung Electronics CO., LTD.) [File not signed]
Task: {E8765D6A-C420-4218-BDA1-770873225757} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26045472 2019-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EAB351BE-D448-463C-9C8C-3DB527C934DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F40C5AFD-A25A-4073-B67F-79FCD5E2A4D9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [876320 2016-07-05] (Samsung Electronics CO., LTD. -> SEC)
Task: {FE040846-FCB8-420F-9322-289A845E81BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FEDB6062-F0D6-4E78-8311-2EB0891CEAD6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2154064 2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e1949d0-2879-4c52-a5f5-c6f7aaa1d6ee}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com/
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001 -> DefaultScope {3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} URL = 
SearchScopes: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001 -> {3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-13] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-28] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - No CLSID Value
 
FireFox:
========
FF DefaultProfile: sf9ii6xi.default-1437193012555
FF ProfilePath: C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\sf9ii6xi.default-1437193012555 [2019-07-24]
FF user.js: detected! => C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\sf9ii6xi.default-1437193012555\user.js [2019-02-12]
FF Homepage: Mozilla\Firefox\Profiles\sf9ii6xi.default-1437193012555 -> www.msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-10-17] (CANON INC.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-07-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2491742788-3381537054-3154308567-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2491742788-3381537054-3154308567-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.com/
CHR StartupUrls: Default -> "hxxp://msn.com/","hxxp://www.facebook.com/","hxxp://www.npr.org/"
CHR Profile: C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default [2019-07-24]
CHR Extension: (Docs) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-03]
CHR Extension: (Honey) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-07-12]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-19]
CHR Extension: (uBlock Origin) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-06]
CHR Extension: (Google Search) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: ( Colorful Galaxy) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabbbedehhbogefnfdakijemlefkkeh [2017-07-21]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-23]
CHR Extension: (Google Scholar Button) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2017-10-07]
CHR Extension: (Office Online) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2019-07-06]
CHR Extension: (No Name) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Cite This For Me: Web Citer) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2017-03-02]
CHR Extension: (Gmail) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11153952 2019-06-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26984 2019-06-27] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-06-27] (IDSA Production signing key -> Intel)
S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel® Software Development Products -> )
S4 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-08] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [316760 2019-05-14] (Intel® pGFX -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. -> )
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-02-01] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] (Intel® Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel® Software Development Products -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-13] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279336 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030992 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387392 2019-07-23] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-24] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-24] (Malwarebytes Corporation -> Malwarebytes)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Samsung Electronics CO., LTD. -> Windows ® Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R2 aswMonFlt; system32\drivers\aswMonFlt.sys [X]
R2 aswStm; system32\drivers\aswStm.sys [X]
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-24 20:45 - 2019-07-24 20:45 - 000001528 _____ C:\Users\Lauren\Desktop\FRST64 - Shortcut.lnk
2019-07-24 20:43 - 2019-07-24 20:46 - 000048729 _____ C:\Users\Lauren\Downloads\FRST.txt
2019-07-24 20:43 - 2019-07-24 20:43 - 000000000 ____D C:\FRST
2019-07-24 20:42 - 2019-07-24 20:42 - 002095104 _____ (Farbar) C:\Users\Lauren\Downloads\FRST64.exe
2019-07-24 20:14 - 2019-07-24 20:14 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-24 20:14 - 2019-07-24 20:14 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-24 20:13 - 2019-07-24 20:14 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-24 20:13 - 2019-07-24 20:14 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-24 20:13 - 2019-07-24 20:13 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-24 20:13 - 2019-07-24 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-24 20:13 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-24 20:13 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-23 23:42 - 2019-07-23 23:42 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswacec97ffa337e523.tmp
2019-07-23 23:42 - 2019-07-23 23:42 - 000169112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswed4d565b22e0b4df.tmp
2019-07-23 23:42 - 2019-07-23 23:41 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-07-23 22:07 - 2019-07-23 22:07 - 000000000 ____D C:\Users\Lauren\AppData\Local\mbam
2019-07-23 22:06 - 2019-07-23 22:06 - 000000000 ____D C:\Users\Lauren\AppData\Local\mbamtray
2019-07-23 22:03 - 2019-07-23 22:03 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-16 19:25 - 2019-07-16 19:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Lauren\Downloads\ccsetup560.exe
2019-07-12 19:33 - 2019-07-12 19:33 - 000770511 _____ C:\Users\Lauren\Downloads\Applebees Allergen Information 20181114.pdf
2019-07-10 18:58 - 2019-07-10 18:58 - 016008864 _____ (IObit ) C:\Users\Lauren\Downloads\smart-defragsetup.exe
2019-07-10 11:46 - 2019-07-03 22:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-10 11:46 - 2019-07-03 22:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-10 11:46 - 2019-07-03 22:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-10 11:45 - 2019-07-04 03:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-10 11:45 - 2019-07-04 03:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-10 11:45 - 2019-07-04 03:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-10 11:45 - 2019-07-04 03:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-10 11:45 - 2019-07-04 03:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-10 11:45 - 2019-07-04 03:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-10 11:45 - 2019-07-04 03:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-10 11:45 - 2019-07-04 03:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-10 11:45 - 2019-07-04 02:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-10 11:45 - 2019-07-04 02:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-10 11:45 - 2019-07-04 02:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-10 11:45 - 2019-07-04 02:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-10 11:45 - 2019-07-04 02:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-10 11:45 - 2019-07-03 23:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-10 11:45 - 2019-07-03 22:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-10 11:45 - 2019-07-03 22:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-10 11:45 - 2019-07-03 22:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-10 11:45 - 2019-07-03 22:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-10 11:45 - 2019-07-03 22:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-10 11:45 - 2019-07-03 22:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-10 11:45 - 2019-07-03 22:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-10 11:45 - 2019-07-03 22:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-10 11:45 - 2019-07-03 22:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-10 11:45 - 2019-07-03 22:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-10 11:45 - 2019-07-03 22:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-10 11:45 - 2019-07-03 22:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-10 11:45 - 2019-07-03 22:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-10 11:45 - 2019-07-03 22:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-10 11:45 - 2019-07-03 22:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-10 11:45 - 2019-07-03 22:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-10 11:45 - 2019-07-03 22:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-10 11:45 - 2019-07-03 22:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-10 11:45 - 2019-07-03 22:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-10 11:45 - 2019-07-03 22:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-10 11:45 - 2019-07-03 22:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-10 11:45 - 2019-07-03 22:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-10 11:45 - 2019-07-03 22:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-10 11:45 - 2019-07-03 22:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-10 11:45 - 2019-07-03 22:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-10 11:45 - 2019-07-03 22:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-10 11:45 - 2019-07-03 22:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-10 11:45 - 2019-07-03 22:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-10 11:45 - 2019-07-03 22:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-10 11:45 - 2019-07-03 22:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-10 11:45 - 2019-07-03 22:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-10 11:45 - 2019-07-03 22:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-10 11:45 - 2019-07-03 22:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-10 11:45 - 2019-07-03 22:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-10 11:45 - 2019-07-03 22:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-10 11:45 - 2019-07-03 22:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-10 11:45 - 2019-07-03 22:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-10 11:45 - 2019-07-03 22:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-10 11:45 - 2019-07-03 22:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-10 11:45 - 2019-07-03 22:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-10 11:45 - 2019-07-03 22:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-10 11:45 - 2019-07-03 22:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-10 11:45 - 2019-07-03 22:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-10 11:45 - 2019-07-03 22:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-10 11:45 - 2019-07-03 22:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-10 11:45 - 2019-07-03 22:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-10 11:45 - 2019-07-03 22:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-10 11:45 - 2019-07-03 22:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-10 11:45 - 2019-07-03 22:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-10 11:45 - 2019-07-03 22:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-10 11:45 - 2019-07-03 22:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-10 11:45 - 2019-07-03 22:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-10 11:45 - 2019-07-03 22:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-10 11:45 - 2019-07-03 22:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-10 11:45 - 2019-07-03 22:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-10 11:45 - 2019-06-13 06:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-10 11:45 - 2019-06-13 06:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-10 11:45 - 2019-06-13 06:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-10 11:45 - 2019-06-13 06:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-10 11:45 - 2019-06-13 06:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-10 11:45 - 2019-06-13 05:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-10 11:45 - 2019-06-13 05:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-10 11:45 - 2019-06-13 05:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-10 11:45 - 2019-06-13 05:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-10 11:45 - 2019-06-13 05:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-10 11:45 - 2019-06-13 05:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-10 11:45 - 2019-06-13 05:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-10 11:45 - 2019-06-13 05:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-10 11:45 - 2019-06-13 05:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-10 11:45 - 2019-06-13 05:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-10 11:45 - 2019-06-13 05:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-10 11:45 - 2019-06-13 05:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-10 11:45 - 2019-06-13 05:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-10 11:45 - 2019-06-13 05:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-10 11:45 - 2019-06-13 05:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-10 11:45 - 2019-06-13 05:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-10 11:45 - 2019-06-13 05:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-10 11:45 - 2019-06-13 05:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-10 11:45 - 2019-06-13 05:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-10 11:45 - 2019-06-13 05:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-10 11:45 - 2019-06-13 05:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-10 11:45 - 2019-06-13 04:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-10 11:45 - 2019-06-13 04:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-10 11:45 - 2019-06-13 03:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-10 11:45 - 2019-06-13 03:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-10 11:45 - 2019-06-13 03:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-10 11:45 - 2019-06-13 03:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-10 11:45 - 2019-06-13 01:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-10 11:45 - 2019-06-13 01:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-10 11:45 - 2019-06-13 01:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-10 11:45 - 2019-06-13 00:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-10 11:45 - 2019-06-13 00:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-10 11:45 - 2019-06-13 00:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-10 11:45 - 2019-06-13 00:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-10 11:45 - 2019-06-13 00:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-10 11:45 - 2019-06-13 00:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-10 11:45 - 2019-06-13 00:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-10 11:45 - 2019-06-13 00:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-10 11:45 - 2019-06-13 00:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-10 11:45 - 2019-06-13 00:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-10 11:45 - 2019-06-13 00:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-10 11:45 - 2019-06-13 00:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-10 11:45 - 2019-06-13 00:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-10 11:45 - 2019-06-13 00:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-10 11:45 - 2019-06-13 00:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-10 11:45 - 2019-06-13 00:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-10 11:45 - 2019-06-13 00:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-10 11:45 - 2019-06-13 00:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-10 11:45 - 2019-06-13 00:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-10 11:45 - 2019-06-13 00:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-10 11:45 - 2019-06-13 00:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-10 11:45 - 2019-06-13 00:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-10 11:45 - 2019-06-13 00:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-10 11:45 - 2019-06-13 00:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-10 11:45 - 2019-06-13 00:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-10 11:45 - 2019-06-13 00:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-10 11:45 - 2019-06-13 00:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-10 11:45 - 2019-06-12 23:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-10 11:45 - 2019-06-12 23:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-10 11:45 - 2019-06-12 23:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-10 11:45 - 2019-06-12 23:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-10 11:45 - 2019-06-12 22:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-10 11:45 - 2019-06-12 22:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-10 11:45 - 2019-06-12 22:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-10 11:45 - 2019-06-12 22:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-10 11:45 - 2019-06-12 22:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-10 11:44 - 2019-07-04 03:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-10 11:44 - 2019-07-04 03:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-10 11:44 - 2019-07-04 03:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-10 11:44 - 2019-07-04 03:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-10 11:44 - 2019-07-04 02:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-10 11:44 - 2019-07-03 22:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-10 11:44 - 2019-07-03 22:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-10 11:44 - 2019-07-03 22:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-10 11:44 - 2019-07-03 22:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-10 11:44 - 2019-07-03 22:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-10 11:44 - 2019-07-03 22:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-10 11:44 - 2019-07-03 22:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-10 11:44 - 2019-07-03 22:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-10 11:44 - 2019-07-03 22:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-10 11:44 - 2019-07-03 22:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-10 11:44 - 2019-07-03 22:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-10 11:44 - 2019-07-03 22:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-10 11:44 - 2019-07-03 22:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-10 11:44 - 2019-07-03 22:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-10 11:44 - 2019-07-03 22:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-10 11:44 - 2019-07-03 22:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-10 11:44 - 2019-07-03 22:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-10 11:44 - 2019-07-03 22:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-10 11:44 - 2019-07-03 22:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-10 11:44 - 2019-07-03 22:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-10 11:44 - 2019-07-03 22:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-10 11:44 - 2019-07-03 22:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-10 11:44 - 2019-07-03 22:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-10 11:44 - 2019-07-03 22:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-10 11:44 - 2019-07-03 22:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-10 11:44 - 2019-07-03 22:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-10 11:44 - 2019-07-03 22:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-10 11:44 - 2019-07-03 22:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-10 11:44 - 2019-07-03 22:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-10 11:44 - 2019-07-03 22:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-10 11:44 - 2019-07-03 22:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-10 11:44 - 2019-07-03 22:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-10 11:44 - 2019-07-03 22:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-10 11:44 - 2019-07-03 22:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-10 11:44 - 2019-07-03 22:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-10 11:44 - 2019-07-03 22:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-10 11:44 - 2019-07-03 22:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-10 11:44 - 2019-07-03 22:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-10 11:44 - 2019-07-03 21:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-10 11:44 - 2019-06-21 02:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-10 11:44 - 2019-06-13 05:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-10 11:44 - 2019-06-13 05:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-10 11:44 - 2019-06-13 05:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-10 11:44 - 2019-06-13 05:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-10 11:44 - 2019-06-13 05:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-10 11:44 - 2019-06-13 05:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-10 11:44 - 2019-06-13 05:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-10 11:44 - 2019-06-13 05:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-10 11:44 - 2019-06-13 05:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-10 11:44 - 2019-06-13 05:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-10 11:44 - 2019-06-13 05:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-10 11:44 - 2019-06-13 05:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-10 11:44 - 2019-06-13 05:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-10 11:44 - 2019-06-13 05:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-10 11:44 - 2019-06-13 04:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-10 11:44 - 2019-06-13 04:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-10 11:44 - 2019-06-13 03:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-10 11:44 - 2019-06-13 03:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-10 11:44 - 2019-06-13 03:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-10 11:44 - 2019-06-13 03:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-10 11:44 - 2019-06-13 01:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-10 11:44 - 2019-06-13 01:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-10 11:44 - 2019-06-13 00:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-10 11:44 - 2019-06-13 00:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-10 11:44 - 2019-06-13 00:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-10 11:44 - 2019-06-13 00:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-10 11:44 - 2019-06-13 00:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-10 11:44 - 2019-06-13 00:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-10 11:44 - 2019-06-13 00:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-10 11:44 - 2019-06-13 00:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-10 11:44 - 2019-06-13 00:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-10 11:44 - 2019-06-13 00:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-10 11:44 - 2019-06-13 00:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-10 11:44 - 2019-06-13 00:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-10 11:44 - 2019-06-13 00:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-10 11:44 - 2019-06-13 00:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-10 11:44 - 2019-06-13 00:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-10 11:44 - 2019-06-13 00:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-10 11:44 - 2019-06-13 00:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-10 11:44 - 2019-06-13 00:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-10 11:44 - 2019-06-13 00:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-10 11:44 - 2019-06-13 00:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-10 11:44 - 2019-06-13 00:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-10 11:44 - 2019-06-13 00:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-10 11:44 - 2019-06-13 00:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-10 11:44 - 2019-06-13 00:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-10 11:44 - 2019-06-12 23:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-10 11:44 - 2019-06-12 23:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-10 11:44 - 2019-06-12 23:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-10 11:44 - 2019-06-12 22:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-10 11:44 - 2019-06-12 22:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-10 11:44 - 2019-06-12 22:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-10 11:44 - 2019-06-12 22:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-10 11:44 - 2019-06-12 22:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-10 11:44 - 2019-06-12 22:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-10 11:44 - 2019-06-12 22:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-10 11:44 - 2019-06-12 22:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-10 11:44 - 2019-06-12 22:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-10 11:44 - 2019-06-12 22:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-10 11:44 - 2019-06-12 22:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-10 11:44 - 2019-06-12 22:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-04 06:56 - 2019-07-04 06:56 - 000944581 _____ C:\Users\Lauren\Downloads\8313200120278669_2019_06_17_1.pdf
2019-06-26 06:27 - 2019-06-26 06:27 - 020650160 _____ (Piriform Software Ltd) C:\Users\Lauren\Downloads\ccsetup559.exe
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-24 20:45 - 2013-09-19 19:09 - 000000000 ____D C:\Users\Lauren\Desktop\Computer Maintenance
2019-07-24 20:30 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-24 20:14 - 2013-09-19 18:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-24 20:13 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-24 20:06 - 2018-07-13 17:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-24 18:14 - 2018-07-13 18:21 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{17E2FEF5-2C7F-4E6A-8B5A-57757D3D06A8}
2019-07-24 16:29 - 2016-11-22 22:31 - 000002596 _____ C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2019-07-24 05:32 - 2013-09-18 13:57 - 000000000 ___HD C:\Users\Lauren\AppData\Local\CrashDumps
2019-07-24 00:13 - 2013-09-18 23:19 - 000000000 ___RD C:\Users\Lauren\Desktop\Unused Icons
2019-07-24 00:00 - 2014-08-27 07:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2019-07-24 00:00 - 2014-08-27 07:10 - 000000000 ____D C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-07-24 00:00 - 2014-08-27 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-07-24 00:00 - 2014-08-27 07:09 - 000000000 ____D C:\Program Files\WinRAR
2019-07-24 00:00 - 2014-01-29 20:02 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-07-23 23:44 - 2018-07-13 18:21 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-23 23:42 - 2019-02-25 22:48 - 000279336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-07-23 23:42 - 2018-10-28 22:06 - 000042504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-07-23 23:42 - 2018-07-13 12:33 - 000477288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-07-23 23:42 - 2018-07-13 12:33 - 000387392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-07-23 23:42 - 2018-07-13 12:33 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-07-23 23:42 - 2018-07-13 12:33 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-07-23 23:41 - 2019-01-14 11:00 - 000263224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-07-23 23:41 - 2019-01-08 12:06 - 000206056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-07-23 23:41 - 2019-01-08 12:06 - 000061688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-07-23 23:41 - 2019-01-08 12:06 - 000037320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-07-23 23:41 - 2018-07-13 12:33 - 001030992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-07-23 23:41 - 2018-07-13 12:33 - 000209256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-07-23 23:01 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-23 22:57 - 2012-09-18 05:38 - 000000000 ____D C:\ProgramData\WinClon
2019-07-23 22:48 - 2014-09-28 00:17 - 000000000 __SHD C:\Users\Lauren\IntelGraphicsProfiles
2019-07-23 22:42 - 2018-07-13 18:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-23 22:41 - 2018-04-11 15:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-23 22:08 - 2016-02-29 19:34 - 000000000 ____D C:\ProgramData\ProductData
2019-07-20 16:51 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-19 23:42 - 2017-12-07 09:39 - 000000000 ____D C:\Users\Lauren\AppData\Local\Packages
2019-07-19 19:36 - 2019-05-29 18:30 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-07-19 19:36 - 2019-05-29 18:30 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-07-19 19:36 - 2019-03-13 14:32 - 000002796 _____ C:\WINDOWS\System32\Tasks\Samsung Update Configuration
2019-07-19 19:36 - 2018-09-06 06:52 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-19 19:36 - 2018-07-13 18:21 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-19 19:36 - 2018-07-13 18:21 - 000003526 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2491742788-3381537054-3154308567-1001UA
2019-07-19 19:36 - 2018-07-13 18:21 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-07-19 19:36 - 2018-07-13 18:21 - 000003450 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2019-07-19 19:36 - 2018-07-13 18:21 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-19 19:36 - 2018-07-13 18:21 - 000003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-07-19 19:36 - 2018-07-13 18:21 - 000003258 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2491742788-3381537054-3154308567-1001Core
2019-07-19 19:36 - 2018-07-13 18:21 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-19 19:36 - 2018-07-13 18:21 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-07-19 19:36 - 2018-07-13 18:21 - 000002966 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2019-07-19 19:36 - 2018-07-13 18:21 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2491742788-3381537054-3154308567-1001
2019-07-19 19:36 - 2018-07-13 18:21 - 000002776 _____ C:\WINDOWS\System32\Tasks\Settings
2019-07-19 19:36 - 2018-07-13 18:21 - 000002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2019-07-19 19:36 - 2018-07-13 18:21 - 000002644 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2019-07-19 19:36 - 2018-07-13 18:21 - 000002626 _____ C:\WINDOWS\System32\Tasks\WLANStartup
2019-07-19 19:36 - 2018-07-13 18:21 - 000002462 _____ C:\WINDOWS\System32\Tasks\advRecovery
2019-07-19 19:36 - 2018-07-13 18:21 - 000002452 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2019-07-19 19:36 - 2018-07-13 18:21 - 000002452 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2019-07-19 19:36 - 2018-07-13 18:21 - 000002448 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2019-07-19 19:36 - 2018-07-13 18:21 - 000002406 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Lauren
2019-07-19 19:36 - 2018-07-13 18:21 - 000002380 _____ C:\WINDOWS\System32\Tasks\SAgent
2019-07-19 19:36 - 2018-07-13 18:21 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-07-19 19:36 - 2018-07-13 18:21 - 000002270 _____ C:\WINDOWS\System32\Tasks\TidyNetwork Metro
2019-07-19 19:36 - 2018-07-13 18:21 - 000002268 _____ C:\WINDOWS\System32\Tasks\SUPatchForW10Up
2019-07-19 19:36 - 2018-07-13 18:21 - 000002254 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2019-07-19 19:36 - 2018-07-13 18:21 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-07-19 19:36 - 2018-07-13 18:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-07-19 15:47 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-18 00:22 - 2019-04-30 23:42 - 000013615 _____ C:\Users\Lauren\Desktop\Checkbook.xlsx
2019-07-16 19:35 - 2014-06-20 00:08 - 000000000 ____D C:\Users\Lauren\Desktop\Funny pictures
2019-07-16 17:28 - 2014-05-28 19:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 22:54 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-15 22:51 - 2019-04-30 22:56 - 000000000 ____D C:\Program Files\Microsoft Office
2019-07-11 01:23 - 2018-07-13 17:46 - 000002409 _____ C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 01:23 - 2013-11-02 08:25 - 000000000 __RDO C:\Users\Lauren\SkyDrive
2019-07-10 18:59 - 2017-01-21 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2019-07-10 17:51 - 2018-07-13 18:04 - 000838624 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-10 17:47 - 2015-09-16 13:37 - 000000000 ___RD C:\Users\Lauren\3D Objects
2019-07-10 17:47 - 2013-03-27 19:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 17:43 - 2018-07-13 17:38 - 003100104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-10 17:39 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-10 17:39 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-10 17:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-10 17:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-10 17:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-10 17:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-10 17:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-10 17:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-10 17:38 - 2018-04-11 15:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-10 17:15 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-10 17:15 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-10 11:57 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-10 11:44 - 2013-09-18 23:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-10 11:39 - 2013-09-18 23:31 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-28 07:16 - 2018-07-11 05:52 - 000000000 ____D C:\ProgramData\Packages
2019-06-28 05:29 - 2019-05-29 18:31 - 000002738 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-06-28 05:26 - 2016-02-18 23:26 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-28 05:26 - 2013-11-02 07:46 - 000000000 ____D C:\Program Files (x86)\Intel
2019-06-28 05:26 - 2012-09-18 05:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
 
==================== Files in the root of some directories ================
 
2013-09-19 16:14 - 2013-09-19 16:14 - 000000844 ____H () C:\Users\Lauren\AppData\Local\recently-used.xbel
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Lauren (24-07-2019 20:47:49)
Running from C:\Users\Lauren\Downloads
Windows 10 Home Version 1803 17134.885 (X64) (2018-07-14 00:23:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2491742788-3381537054-3154308567-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2491742788-3381537054-3154308567-503 - Limited - Disabled)
Guest (S-1-5-21-2491742788-3381537054-3154308567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2491742788-3381537054-3154308567-1015 - Limited - Enabled)
Lauren (S-1-5-21-2491742788-3381537054-3154308567-1001 - Administrator - Enabled) => C:\Users\Lauren
WDAGUtilityAccount (S-1-5-21-2491742788-3381537054-3154308567-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (HKLM\...\{887797BF-37A5-4199-B0C9-0D38D6196E9A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (HKLM\...\{A3454894-144A-4D80-B605-C128FE0D7329}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (HKLM\...\{8875A1C0-6308-4790-8CF6-D34E89880052}) (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (HKLM\...\{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (HKLM\...\{295CFB7C-A57E-4313-93E7-68E7CE1D0332}) (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced SystemCare 12 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 12.3.0 - IObit)
AmScope AmScope 3.7 (HKLM-x32\...\{1B67D67B-E7ED-4055-951F-C78FCF99A210}) (Version: 3.7 - AmScope)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG3600 series User Registration (HKLM-x32\...\Canon MG3600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
D-Fend Reloaded 1.4.2 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.2 - Alexander Herzog)
Dropbox (HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Galería de fotos (HKLM-x32\...\{959BC6D1-38C8-441F-9466-9ECCD4E68413}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{FE8DFDD0-A543-4A83-B7A9-C411138194D5}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Chrome Canary (HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\Google Chrome SxS) (Version: 77.0.3863.2 - Google LLC)
Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel Driver && Support Assistant (HKLM-x32\...\{0C478EAE-B49D-46A9-8B7F-9634A74602ED}) (Version: 19.6.26.3 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5069 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{dbe96554-7594-4bba-b7c5-fc6c72dbaa39}) (Version: 19.6.26.3 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.4.0.8 - IObit)
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20368 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9846E46F-07E0-4BDF-985A-E3FBA8C15877}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20368 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20368 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11328.20368 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (HKLM\...\{2D74E972-5A85-44DC-9193-8A302BA8C181}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.)
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
ScopeTek DCM35or130 (HKLM-x32\...\{85131E6D-6750-4a31-9D08-C5A46E6AF4E0}) (Version: 1.2 - ScopeTek)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype version 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.3 - IObit)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stuck Pixel Fixer (HKLM-x32\...\{236D481D-81BD-4249-89EE-B2A44A234FBC}) (Version: 1.00.0000 - Cameron Gray)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.55 - NCH Software)
Windower (HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\Windower) (Version: 4.0.0.0 - Windower Team)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
Zoo Tycoon 2 Endangered Species (HKLM-x32\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)
 
Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1550.4.0_x86__kgqvnymyfvs32 [2019-07-16] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-24] (Canon Inc.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.19.8555.0_x86__q4d96b2w5wcc2 [2019-06-29] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-07] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-19] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-21] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-12-11] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw [2017-06-08] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
PhotoEditor -> C:\Program Files\WindowsApps\6E04A0BD.PhotoEditor_1.0.0.37_neutral__ez4k4b2fwzhzt [2015-12-11] (SAMSUNG ELECTRONICS CO,. LTD.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-02] (Microsoft Corporation)
S Camera -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SCamera_1.0.1903.26021_x86__h7cwzt5medr84 [2015-12-11] (CYBERLINKCOM)
S Gallery -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SGallery_1.0.1903.26021_x86__h7cwzt5medr84 [2015-12-11] (CYBERLINKCOM)
S Player -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SPlayer_1.0.2216.21222_x86__h7cwzt5medr84 [2015-12-11] (CYBERLINKCOM)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2015-12-11] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F}\localserver32 -> C:\Users\Lauren\AppData\Local\Google\Chrome SxS\Application\77.0.3863.2\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-18] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-18] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2019-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2491742788-3381537054-3154308567-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2491742788-3381537054-3154308567-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2491742788-3381537054-3154308567-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox -> Dropbox, Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Lauren\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-19 16:08 - 2013-09-19 16:08 - 000056320 _____ () [File not signed] C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
2018-01-24 19:56 - 2015-01-09 09:46 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2018-01-24 19:56 - 2015-01-09 09:44 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2017-05-24 19:18 - 2014-03-18 05:00 - 000406016 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMCB.DLL
2018-01-24 19:45 - 2015-03-17 09:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-01-13 21:10 - 2014-03-18 06:00 - 000408576 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMXLMCB.DLL
2012-09-18 05:27 - 2012-07-08 22:47 - 000277504 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\sharepoint.com -> hxxps://ecatmontana-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2019-01-09 16:25 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Skype\Phone\;C:\Users\Lauren\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AdobeActiveFileMonitor4.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Easy Launcher => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
MSCONFIG\startupfolder: C:^Users^Lauren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EC36A378-3639-4FAE-81BD-B0F057B3057C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FD5EB97-E7B2-4382-BDE3-A817E9E440BE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4C207CBA-12B3-4D46-84DD-8532C499F110}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3C7259F-4FF0-423E-8B55-2912E11A0263}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FCEC23D6-D519-405E-B12B-8FBE976CADEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8D5D5C0E-D545-4745-A419-16F5EC33E6B1}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{79CCF073-E9BD-4ABB-A496-E87E4ACA2CBC}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{75076F52-1D10-4C3C-8517-85C33A680F2A}] => (Allow) LPort=5353
FirewallRules: [UDP Query User{F5520894-10FC-4B20-9D10-01EAFD89F541}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe (Cerulean Studios, LLC -> Cerulean Studios)
FirewallRules: [TCP Query User{16E0099F-7DEB-46A0-898A-C9E3E955ECE1}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe (Cerulean Studios, LLC -> Cerulean Studios)
FirewallRules: [{B6BB7EC7-5F99-4D13-8121-855409419B1B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{A5AC41AE-5BFD-4242-A9FB-DF40A5ECD87C}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{72666E80-102E-418B-82B2-67B385044C85}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3FF9A994-CC66-4686-A0FA-EF2A0FB5DDC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B1253B55-ED6D-44EB-9F92-A05AAE1B1A0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{01C4909B-67FD-44E1-9656-0103E7B0F9EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37D7597F-A819-48CE-9484-57F674E5A12A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{320DB9B6-3A96-4ABE-BD3F-89E3F92345CB}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{D7AF3853-5C16-4F60-A201-2C54800AE714}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{6BAA2E87-9D4F-4EC0-A204-DF0F6C83A593}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{E5BB9C85-0F6E-4E59-910E-A9DC2FD8C5AA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{85ABA9C0-6C69-4C42-B892-C2DBA7A74580}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{51E0D359-0E2B-494A-9A89-ECBFFD5EC3EA}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1ECCDCDC-C243-477B-9581-CF7E24BCBAA5}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{EEEEB6FF-6CD1-4FC5-A4BB-F199C2EF51F9}C:\program files (x86)\steam\steamapps\common\ffxina\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ffxina\squareenix\playonlineviewer\pol.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [TCP Query User{5BC16B9C-C58C-44EC-B52A-4404777B9718}C:\program files (x86)\steam\steamapps\common\ffxina\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ffxina\squareenix\playonlineviewer\pol.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{53D26857-381A-4420-BDC1-1359F50C6806}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FFXINA\SquareEnix\FINAL FANTASY XI\ToolsUS\FINAL FANTASY XI Config.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{5CCA6A97-8E20-4F4F-A894-A2055A4367C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FFXINA\SquareEnix\FINAL FANTASY XI\ToolsUS\FINAL FANTASY XI Config.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{108C9EB5-03E4-45A7-ACB4-BCB4136F557F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FFXINA\SquareEnix\PlayOnlineViewer\polcfg\polcfg.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{C41F8BD1-73C2-41FE-93CD-6447DE6D336D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FFXINA\SquareEnix\PlayOnlineViewer\polcfg\polcfg.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{9097CA4D-53FE-4437-892F-1F9C1B502E6F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FFXINA\SquareEnix\FINAL FANTASY XI\polboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{06E92212-DB32-48BD-A09A-A5F0D6D20CEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FFXINA\SquareEnix\FINAL FANTASY XI\polboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{B9C6FB98-8BE3-40D7-A59B-15F07FB8D533}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35CCF564-889D-4810-8E91-A8ECE2741CE1}] => (Allow) LPort=2869
FirewallRules: [{60D484B8-1DF6-4A79-AD79-801AF1D0F2ED}] => (Allow) LPort=1900
FirewallRules: [{CFFD3CAD-1FDC-46B1-9720-34B8319B35D3}] => (Allow) C:\Users\Lauren\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox -> Dropbox, Inc.)
FirewallRules: [{97EFE6FD-99A6-415E-AD32-492837B39751}] => (Allow) C:\Users\Lauren\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox -> Dropbox, Inc.)
FirewallRules: [TCP Query User{FA12E8FA-92F2-4527-AAFC-F4D85D209610}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe (ArenaNet LLC -> ArenaNet)
FirewallRules: [UDP Query User{BC583485-3709-40BA-A523-59CEE07FBD16}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe (ArenaNet LLC -> ArenaNet)
FirewallRules: [TCP Query User{45268128-1F34-4EE1-9202-60D08E5C28B5}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe (ArenaNet LLC -> ArenaNet)
FirewallRules: [UDP Query User{6F9E9DA8-ED9C-4907-9527-15A735C69119}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe (ArenaNet LLC -> ArenaNet)
FirewallRules: [{79BB3C27-0933-4A7B-A5DD-B3B46E42482C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1F47B823-879F-4AEB-A5CA-69541CF5708A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{12DDF5D3-9A7C-4F04-A464-0F3B8A9C3C06}C:\users\lauren\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lauren\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox -> Dropbox, Inc.)
FirewallRules: [UDP Query User{9B84DF5B-8FCE-4477-986A-AC733149B88A}C:\users\lauren\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lauren\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox -> Dropbox, Inc.)
FirewallRules: [{D751D40E-DF2F-464C-B381-3BA615200D4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDBCAF1B-C032-451C-95EA-DC0CC21281F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{73CAC09A-FF13-4DD3-B42F-F2D76CE9B2D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B7658005-5C97-4080-A13B-CA457935C003}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19C783D0-2371-4529-AA27-75A38DBF214F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{C463D72E-ACDB-4889-BE8A-F0AF2ADD69D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{8DEB7327-FB33-4EE8-B17C-97CFA1E8660B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C21070AF-C092-40F5-A436-3D250B8FEF4D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1EB3DADC-290E-453C-9E9A-3F898110DDAA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A57DD56F-F373-4762-9128-7EA47A399F29}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{55DB8AC8-F7A8-478F-B09E-689BCB9C8177}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8553F316-CA91-42DB-918D-022E1AE3AF14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF1AD627-80ED-4DA9-99F9-D90A96B70643}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{078E9484-69BB-4BC9-9F0F-993204352639}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4AF4CD7C-DB6A-4A5E-8BDF-B0DD73DB2EDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{647D25EF-7279-491E-83D8-061E363347EB}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{B9B981A5-6AF7-46F4-8262-3D049F947CAD}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{D3FE19FF-330F-4A21-9B53-97D29D74C279}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{876E9500-EB93-44D8-8518-82C5845DF3A5}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{F1CC8981-4013-416C-AA8F-431139A18D1E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6EE8EDB9-B1FC-4E5D-979F-B9991A793FDB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
07-07-2019 09:13:21 Scheduled Checkpoint
10-07-2019 11:38:09 Windows Update
19-07-2019 13:43:39 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2019 05:32:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x55c
Faulting application start time: 0x01d54210a5343b0c
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: 02eede54-5327-4c2f-9022-ffe1ffcc9d87
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 05:12:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x1d4c
Faulting application start time: 0x01d5420de2bae807
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: b1b955f0-1321-42d3-b84f-3e0c0b8eee1c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 04:52:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0xf10
Faulting application start time: 0x01d5420ac9ec3cbc
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: 96f98d42-de76-4cd5-9473-98d5da380b91
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 04:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x2d80
Faulting application start time: 0x01d542083bd05e60
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: 547ae4b3-c5c9-434d-a08a-bbf86e802d13
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 04:11:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x17e0
Faulting application start time: 0x01d542053fd1c91d
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: 8e975334-7304-4c80-8c39-17347282ba94
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 03:50:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x2d48
Faulting application start time: 0x01d542029076a68d
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: 768337f3-948d-40a3-95d5-bce058aed453
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 03:31:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x2cec
Faulting application start time: 0x01d541ffe133cf3c
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: f3463580-c1fe-4dfc-91ac-80196c169583
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/24/2019 03:12:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Faulting module name: SUPatchForW10Up.exe, version: 1.0.0.2, time stamp: 0x55d30044
Exception code: 0x40000015
Fault offset: 0x001afc80
Faulting process id: 0x1784
Faulting application start time: 0x01d541fd42d84507
Faulting application path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Faulting module path: C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Report Id: a930d75f-279a-45e8-ba7b-edfa005a64fd
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/24/2019 08:28:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/24/2019 04:26:41 PM) (Source: DCOM) (EventID: 10016) (User: LAURENSPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user LaurensPC\Lauren SID (S-1-5-21-2491742788-3381537054-3154308567-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/24/2019 04:24:59 PM) (Source: DCOM) (EventID: 10016) (User: LAURENSPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user LaurensPC\Lauren SID (S-1-5-21-2491742788-3381537054-3154308567-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/23/2019 10:55:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (07/23/2019 10:53:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (07/23/2019 10:51:11 PM) (Source: DCOM) (EventID: 10016) (User: LAURENSPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LaurensPC\Lauren SID (S-1-5-21-2491742788-3381537054-3154308567-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/23/2019 10:51:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (07/23/2019 10:50:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2019-07-24 20:33:09.193
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:07.872
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:06.282
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:03.493
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:03.283
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:03.116
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:02.182
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-07-24 20:33:02.060
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P03ABE 09/20/2012
Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP350V5C-A01US
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 72%
Total physical RAM: 6035.54 MB
Available physical RAM: 1651.53 MB
Total Virtual: 7252 MB
Available Virtual: 1996.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.19 GB) (Free:293.38 GB) NTFS
 
\\?\Volume{a429298c-d79a-4cc0-b438-8636083cd78f}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
\\?\Volume{06613955-bdb6-4033-b662-15afcec5bf25}\ () (Fixed) (Total:0.89 GB) (Free:0.36 GB) NTFS
\\?\Volume{50988b64-9f71-4d7c-be52-5a64c42be8dd}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{14619228-65c0-401d-a068-fc6212765d22}\ (SAMSUNG_REC2) (Fixed) (Total:22.31 GB) (Free:0.75 GB) NTFS
\\?\Volume{3a122d7b-b6b0-47fa-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.26 GB) FAT32
\\?\Volume{6ca64be2-1ed6-4a9d-b8a2-35a0c0d9cfc0}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B0B02E26)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
iMacg3
Posted 25 July 2019 - 12:56 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Lovltn848, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------

Do you use the program Smart Defrag 6?

---------------------------------------------------
I noticed you have disabled some startup items using msconfig. msconfig is designed to be used for temporary/troubleshooting issues, and is not recommended as a startup manager.

MSConfig - Normal Startup
  • Press the Windows key + R.
  • Type msconfig in the Run box and press Enter.
  • MSConfig will open. Select the Normal Startup radio button and click Apply > OK.
  • Restart your computer to apply the changes.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {16B03F99-9ECE-44B0-931E-F58CC15CFEE0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {348B62AC-B045-416F-9D52-053A5BBD8B8D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {74F8E0E2-6FD8-474C-BC06-2712B5370F05} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe [56320 2013-09-19] () [File not signed]
Task: {7E50664C-0B5F-4E6C-978B-86BD722BA62E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {80E4C15F-05B2-4D3A-BB23-ABF367DAFDBF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {89DC30C8-E920-481F-952C-54420B7A9CEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {970788F8-2038-4B5E-801D-D610AAB952F0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ADF87FF6-32AC-4DA4-99F4-D20304B2A2A9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C8D2C31E-3823-4C7F-87AA-9C1A8A67549B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA22282D-D6FA-4E71-BAD4-BFB58146A45C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DCCF1D78-0002-4884-B33C-98E8F50751FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD6E9523-2D55-4876-A5B5-C3B857E9EE3A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FE040846-FCB8-420F-9322-289A845E81BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001 -> DefaultScope {3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} URL = 
SearchScopes: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001 -> {3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - No CLSID Value
FF user.js: detected! => C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\sf9ii6xi.default-1437193012555\user.js [2019-02-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
2019-07-19 19:36 - 2018-07-13 18:21 - 000002270 _____ C:\WINDOWS\System32\Tasks\TidyNetwork Metro
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{19C783D0-2371-4529-AA27-75A38DBF214F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{C463D72E-ACDB-4889-BE8A-F0AF2ADD69D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
C:\Program Files (x86)\TidyNetwork.com
Folder: C:\ProgramData\WinClon
CMD: Bitsadmin /Reset /Allusers
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator
  • Accept the EULA (I agree), then click on Scan.
  • When the scan is complete, click View Scan Log File. (Don't click the Clean and Repair button yet)
  • The scan log will open in Notepad.
  • Copy and paste its contents into your next reply.
  • Note: The log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[Sxx].txt
  • Let me know how the computer is doing.

  • 0

#3
Lovltn848
Posted 25 July 2019 - 10:13 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Lauren (25-07-2019 21:46:26) Run:1
Running from C:\Users\Lauren\Downloads
Loaded Profiles: Lauren (Available Profiles: Lauren)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {16B03F99-9ECE-44B0-931E-F58CC15CFEE0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {348B62AC-B045-416F-9D52-053A5BBD8B8D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {74F8E0E2-6FD8-474C-BC06-2712B5370F05} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe [56320 2013-09-19] () [File not signed]
Task: {7E50664C-0B5F-4E6C-978B-86BD722BA62E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {80E4C15F-05B2-4D3A-BB23-ABF367DAFDBF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {89DC30C8-E920-481F-952C-54420B7A9CEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {970788F8-2038-4B5E-801D-D610AAB952F0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ADF87FF6-32AC-4DA4-99F4-D20304B2A2A9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C8D2C31E-3823-4C7F-87AA-9C1A8A67549B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA22282D-D6FA-4E71-BAD4-BFB58146A45C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DCCF1D78-0002-4884-B33C-98E8F50751FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD6E9523-2D55-4876-A5B5-C3B857E9EE3A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FE040846-FCB8-420F-9322-289A845E81BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001 -> DefaultScope {3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} URL = 
SearchScopes: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001 -> {3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - No CLSID Value
FF user.js: detected! => C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\sf9ii6xi.default-1437193012555\user.js [2019-02-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
2019-07-19 19:36 - 2018-07-13 18:21 - 000002270 _____ C:\WINDOWS\System32\Tasks\TidyNetwork Metro
CustomCLSID: HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{19C783D0-2371-4529-AA27-75A38DBF214F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{C463D72E-ACDB-4889-BE8A-F0AF2ADD69D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
C:\Program Files (x86)\TidyNetwork.com
Folder: C:\ProgramData\WinClon
CMD: Bitsadmin /Reset /Allusers
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16B03F99-9ECE-44B0-931E-F58CC15CFEE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16B03F99-9ECE-44B0-931E-F58CC15CFEE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{348B62AC-B045-416F-9D52-053A5BBD8B8D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{348B62AC-B045-416F-9D52-053A5BBD8B8D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74F8E0E2-6FD8-474C-BC06-2712B5370F05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74F8E0E2-6FD8-474C-BC06-2712B5370F05}" => removed successfully
C:\WINDOWS\System32\Tasks\TidyNetwork Metro => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Metro" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E50664C-0B5F-4E6C-978B-86BD722BA62E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E50664C-0B5F-4E6C-978B-86BD722BA62E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80E4C15F-05B2-4D3A-BB23-ABF367DAFDBF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E4C15F-05B2-4D3A-BB23-ABF367DAFDBF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89DC30C8-E920-481F-952C-54420B7A9CEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89DC30C8-E920-481F-952C-54420B7A9CEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{970788F8-2038-4B5E-801D-D610AAB952F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{970788F8-2038-4B5E-801D-D610AAB952F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADF87FF6-32AC-4DA4-99F4-D20304B2A2A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADF87FF6-32AC-4DA4-99F4-D20304B2A2A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8D2C31E-3823-4C7F-87AA-9C1A8A67549B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8D2C31E-3823-4C7F-87AA-9C1A8A67549B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA22282D-D6FA-4E71-BAD4-BFB58146A45C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA22282D-D6FA-4E71-BAD4-BFB58146A45C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCCF1D78-0002-4884-B33C-98E8F50751FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCF1D78-0002-4884-B33C-98E8F50751FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD6E9523-2D55-4876-A5B5-C3B857E9EE3A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD6E9523-2D55-4876-A5B5-C3B857E9EE3A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE040846-FCB8-420F-9322-289A845E81BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE040846-FCB8-420F-9322-289A845E81BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} => removed successfully
HKLM\Software\Classes\CLSID\{3FA8BE7B-B212-4D8F-95A4-5FBE39E45BCF} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\sf9ii6xi.default-1437193012555\user.js => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
"C:\WINDOWS\System32\Tasks\TidyNetwork Metro" => not found
HKU\S-1-5-21-2491742788-3381537054-3154308567-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19C783D0-2371-4529-AA27-75A38DBF214F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C463D72E-ACDB-4889-BE8A-F0AF2ADD69D2}" => removed successfully
C:\Program Files (x86)\TidyNetwork.com => moved successfully
 
========================= Folder: C:\ProgramData\WinClon ========================
 
2012-09-18 05:38 - 2016-07-28 07:45 - 000000044 ____A [82424395F42D0AED09A73E6BDA30D1A5] () C:\ProgramData\WinClon\InitRun.srs
2016-08-04 16:40 - 2019-07-23 22:57 - 000000046 ____A [AAB9D3AAD587BD732E1BFADB59D5FF82] () C:\ProgramData\WinClon\InstRes.srs
2012-09-18 05:38 - 2016-07-28 07:44 - 000000046 ____A [AAB9D3AAD587BD732E1BFADB59D5FF82] () C:\ProgramData\WinClon\InstRet.srs
2017-05-04 20:16 - 2019-07-23 22:57 - 000000018 ____A [95C02B55BC10BB48016EBDBAE1919701] () C:\ProgramData\WinClon\Network.srs
2012-09-18 05:38 - 2016-07-28 07:45 - 000001510 ____A [B3E75ABD4C8F89FAE7E5CFAE2883B98A] () C:\ProgramData\WinClon\Recovery.xml
2013-03-28 11:54 - 2013-09-18 14:01 - 000000362 ____A [B2E3438DAFD409C01AD0E96705905BF8] () C:\ProgramData\WinClon\RestoreList.srs
2012-09-18 05:38 - 2016-07-28 07:45 - 000000280 ____A [8358A1B813C170B994EA566C10194BCB] () C:\ProgramData\WinClon\Schedule.srs
2012-09-18 05:38 - 2012-09-18 05:38 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ProgramData\WinClon\SS.DAT
2012-09-18 05:38 - 2013-03-28 11:54 - 000000168 ____A [1694B47F5A3F860306186F76DAE77F48] () C:\ProgramData\WinClon\WinClon.srs
2013-03-28 11:54 - 2016-08-04 16:40 - 000000448 ____A [73534C2F9212532DEC2197C925C4F6D3] () C:\ProgramData\WinClon\WinClonInit.srs
2012-09-18 05:38 - 2019-07-23 22:57 - 000000044 ____A [B15ED4409FF83CB6D980DB08F188241D] () C:\ProgramData\WinClon\WinClonLang.ini
2012-09-18 05:38 - 2016-08-04 16:39 - 000000100 ____A [B79828EDBDD6B9A15F86CE96223B43C4] () C:\ProgramData\WinClon\WinCmd.srs
2012-09-18 05:38 - 2019-07-25 21:42 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\Logs
2012-09-18 05:38 - 2012-09-18 05:59 - 000133664 ____A [993CFF4527F91B55C7BBA5345D4E8EE0] () C:\ProgramData\WinClon\Logs\2012-09-18.txt
2012-09-18 17:16 - 2012-09-19 00:00 - 000314462 ____A [042D178E7AC17DB23CF1B8789D483100] () C:\ProgramData\WinClon\Logs\2012-09-19.txt
2013-03-27 19:08 - 2013-03-27 19:10 - 000009840 ____A [5D39B256B85FA04E39B63CDB728D68C2] () C:\ProgramData\WinClon\Logs\2013-03-28.txt
2013-09-18 13:59 - 2013-09-19 00:15 - 000057406 ____A [5B5B64586DC0773286D2A8B4B95BA84F] () C:\ProgramData\WinClon\Logs\2013-09-18.txt
2013-09-20 02:56 - 2013-09-20 20:43 - 000035236 ____A [32D3F8D173E98C02B083E91963B5F7F7] () C:\ProgramData\WinClon\Logs\2013-09-20.txt
2013-09-22 19:44 - 2013-09-22 19:50 - 000017504 ____A [5CE432B5999C095559769F7EAA94A14E] () C:\ProgramData\WinClon\Logs\2013-09-22.txt
2013-09-26 06:52 - 2013-09-26 06:52 - 000018082 ____A [0D86030B60D2F31C07C078BDC22B55D6] () C:\ProgramData\WinClon\Logs\2013-09-26.txt
2013-09-30 07:48 - 2013-09-30 07:48 - 000017722 ____A [D06D102D88FD6CCCA160CC3691506141] () C:\ProgramData\WinClon\Logs\2013-09-30.txt
2013-10-12 03:41 - 2013-10-12 03:41 - 000018082 ____A [19620916F342D92ABF7AE8295D159496] () C:\ProgramData\WinClon\Logs\2013-10-12.txt
2013-10-16 20:37 - 2013-10-16 20:37 - 000018262 ____A [08FBDABC6537C1D34014FB096ED05DD8] () C:\ProgramData\WinClon\Logs\2013-10-16.txt
2013-11-02 08:26 - 2013-11-02 08:26 - 000018082 ____A [A482767A6895B02E75CDA5486A91CFA4] () C:\ProgramData\WinClon\Logs\2013-11-02.txt
2013-11-16 08:04 - 2013-11-16 08:04 - 000018082 ____A [A4C248716F1A413B2D581D7050BC537A] () C:\ProgramData\WinClon\Logs\2013-11-16.txt
2013-11-18 09:19 - 2013-11-18 09:19 - 000017722 ____A [FE9E169295AFF530C0D4523A034E6550] () C:\ProgramData\WinClon\Logs\2013-11-18.txt
2013-12-03 22:40 - 2013-12-03 22:58 - 000035802 ____A [2B2E6A38EC6FD371C17BE9068A29420B] () C:\ProgramData\WinClon\Logs\2013-12-03.txt
2013-12-08 14:39 - 2013-12-08 14:39 - 000017722 ____A [E4F3E00E825D546A4CF66D511D8A3431] () C:\ProgramData\WinClon\Logs\2013-12-08.txt
2013-12-13 07:55 - 2013-12-13 07:55 - 000017722 ____A [74D1887C1A5B9501601556198CF92725] () C:\ProgramData\WinClon\Logs\2013-12-13.txt
2013-12-19 23:40 - 2013-12-19 23:40 - 000018082 ____A [A2430F207BB30897B2C6FD71CCE94459] () C:\ProgramData\WinClon\Logs\2013-12-19.txt
2013-12-31 08:06 - 2013-12-31 17:57 - 000053702 ____A [B83BC8BCA0DC40E465EBF8808DA26D9E] () C:\ProgramData\WinClon\Logs\2013-12-31.txt
2014-01-07 21:46 - 2014-01-07 21:46 - 000017902 ____A [535F331A573434E2E004B193E6236594] () C:\ProgramData\WinClon\Logs\2014-01-07.txt
2014-01-23 22:19 - 2014-01-23 22:19 - 000018082 ____A [0B11BE021D65BEA3D4DBA9AB5478D87B] () C:\ProgramData\WinClon\Logs\2014-01-23.txt
2014-02-14 05:25 - 2014-02-14 13:34 - 000035442 ____A [30E00C67E309A828A00877D955D3591D] () C:\ProgramData\WinClon\Logs\2014-02-14.txt
2014-02-20 15:02 - 2014-02-20 15:03 - 000018082 ____A [7043461A7BF3F57F004E4A98E995992F] () C:\ProgramData\WinClon\Logs\2014-02-20.txt
2014-02-26 20:12 - 2014-02-26 20:12 - 000018262 ____A [655753B28F8AE0BF4CDEC119038B906B] () C:\ProgramData\WinClon\Logs\2014-02-26.txt
2014-03-13 06:52 - 2014-03-13 06:52 - 000018082 ____A [575D3AB248FD525A5DE09A01BC0A7203] () C:\ProgramData\WinClon\Logs\2014-03-13.txt
2014-03-20 21:14 - 2014-03-20 21:14 - 000018082 ____A [126B80F3829FDE1C46CEC98B13CF6EEE] () C:\ProgramData\WinClon\Logs\2014-03-20.txt
2014-03-21 06:58 - 2014-03-21 06:58 - 000017722 ____A [9ABE080F1817614BDD403F9FE60E999B] () C:\ProgramData\WinClon\Logs\2014-03-21.txt
2014-03-26 20:15 - 2014-03-26 20:15 - 000018262 ____A [B979AECC9F6450B7F7E70E45688F37B5] () C:\ProgramData\WinClon\Logs\2014-03-26.txt
2014-04-02 06:56 - 2014-04-02 06:57 - 000018262 ____A [89A96F3051BB2BC77B6941F0D16BEFB2] () C:\ProgramData\WinClon\Logs\2014-04-02.txt
2014-04-04 12:13 - 2014-04-04 12:13 - 000017722 ____A [4F025ED72298545B9E75C23EC3A13540] () C:\ProgramData\WinClon\Logs\2014-04-04.txt
2014-04-11 23:33 - 2014-04-11 23:51 - 000035442 ____A [353E2075E2A7ADEDDE96A746F6BC1886] () C:\ProgramData\WinClon\Logs\2014-04-11.txt
2014-04-25 22:02 - 2014-04-25 22:03 - 000017722 ____A [BC6F00EF5E40EA528D23BEC069D2DBE8] () C:\ProgramData\WinClon\Logs\2014-04-25.txt
2014-04-29 18:10 - 2014-04-29 18:10 - 000017902 ____A [1DB0A9D86FBCE02B933D70997779A92D] () C:\ProgramData\WinClon\Logs\2014-04-29.txt
2014-05-05 17:01 - 2014-05-05 17:01 - 000017722 ____A [509F7C5C3D19684D282DBC5693E1C6E3] () C:\ProgramData\WinClon\Logs\2014-05-05.txt
2014-05-16 19:26 - 2014-05-16 19:26 - 000017722 ____A [7EE6D2E22D145326956B3A7211967FE8] () C:\ProgramData\WinClon\Logs\2014-05-16.txt
2014-05-18 11:34 - 2014-05-18 11:37 - 000017722 ____A [49D8C6C7B98AFE098960E319D104DE1C] () C:\ProgramData\WinClon\Logs\2014-05-18.txt
2014-05-23 22:50 - 2014-05-23 22:50 - 000017516 ____A [0966B6134AB102D600104CFD4F995823] () C:\ProgramData\WinClon\Logs\2014-05-23.txt
2014-05-27 23:56 - 2014-05-27 23:57 - 000017902 ____A [06F42D8942EF8433D932BF2725AAFA89] () C:\ProgramData\WinClon\Logs\2014-05-27.txt
2014-05-30 06:56 - 2014-05-30 06:56 - 000017722 ____A [9A07E606042F61F726879AAC60CA97BD] () C:\ProgramData\WinClon\Logs\2014-05-30.txt
2014-06-02 17:40 - 2014-06-02 18:05 - 000035442 ____A [35A0CB347CA966D84D22ACB27BC4E11F] () C:\ProgramData\WinClon\Logs\2014-06-02.txt
2014-06-03 19:50 - 2014-06-03 19:50 - 000017694 ____A [17ED0C528189B22E90F94DD9309B0E51] () C:\ProgramData\WinClon\Logs\2014-06-03.txt
2014-06-08 20:52 - 2014-06-08 20:52 - 000017722 ____A [C72C2F88BF90C99D8274F5164DB7AA7A] () C:\ProgramData\WinClon\Logs\2014-06-08.txt
2014-06-13 06:56 - 2014-06-13 19:05 - 000035442 ____A [7C2D3074DCF2DE57836DC33E0D9B4BD5] () C:\ProgramData\WinClon\Logs\2014-06-13.txt
2014-06-18 22:42 - 2014-06-18 22:42 - 000018262 ____A [E22BADC1D90BAE1998430F7C5CBB65CB] () C:\ProgramData\WinClon\Logs\2014-06-18.txt
2014-06-20 20:33 - 2014-06-20 20:34 - 000017722 ____A [A46F13308C6B4DE6C7CE0448668B3DFA] () C:\ProgramData\WinClon\Logs\2014-06-20.txt
2014-06-25 06:55 - 2014-06-25 06:55 - 000018262 ____A [6274CF74F507DAFF5062667E803E3D9D] () C:\ProgramData\WinClon\Logs\2014-06-25.txt
2014-07-08 22:04 - 2014-07-08 22:05 - 000017902 ____A [C5465CB73409F472F3567D52EC39C557] () C:\ProgramData\WinClon\Logs\2014-07-08.txt
2014-07-11 17:19 - 2014-07-11 17:19 - 000017722 ____A [634277FF6573B23BB98E7791F27D47DF] () C:\ProgramData\WinClon\Logs\2014-07-11.txt
2014-07-14 17:28 - 2014-07-14 17:28 - 000017722 ____A [F7A7BC7BC3446F5062D712170AB0A8C3] () C:\ProgramData\WinClon\Logs\2014-07-14.txt
2014-07-18 21:37 - 2014-07-18 21:38 - 000017722 ____A [7FF6085F3AFBB30178D1CF8F3E3AC739] () C:\ProgramData\WinClon\Logs\2014-07-18.txt
2014-07-20 21:40 - 2014-07-20 21:40 - 000017722 ____A [F39ED8A157D8A43A84923BF21C9975DA] () C:\ProgramData\WinClon\Logs\2014-07-20.txt
2014-08-15 06:49 - 2014-08-15 06:50 - 000017722 ____A [D24106CED31148EA35E4C367FD1DB912] () C:\ProgramData\WinClon\Logs\2014-08-15.txt
2014-08-29 20:33 - 2014-08-29 20:33 - 000017722 ____A [829F69B1ACE69A3B3370CE0D67D3CF0B] () C:\ProgramData\WinClon\Logs\2014-08-29.txt
2014-09-07 20:30 - 2014-09-07 20:30 - 000017722 ____A [83055F64E3552D615EF60DED3C54A297] () C:\ProgramData\WinClon\Logs\2014-09-07.txt
2014-09-12 20:03 - 2014-09-12 20:03 - 000017722 ____A [7353A62CE7055F211EC3479E707FCF03] () C:\ProgramData\WinClon\Logs\2014-09-12.txt
2014-09-19 16:31 - 2014-09-19 16:32 - 000017722 ____A [228A909A57CB442DAC50575DF9177B61] () C:\ProgramData\WinClon\Logs\2014-09-19.txt
2014-09-28 00:20 - 2014-09-28 00:21 - 000017722 ____A [8098E1588691F9AA6683502F9A31ACC9] () C:\ProgramData\WinClon\Logs\2014-09-28.txt
2014-10-07 22:08 - 2014-10-07 22:09 - 000017902 ____A [B3590AB28B4E4D06C398011CED68C05B] () C:\ProgramData\WinClon\Logs\2014-10-07.txt
2014-10-14 23:26 - 2014-10-14 23:26 - 000017902 ____A [328DF7317B3581EA9D32777956C20B6A] () C:\ProgramData\WinClon\Logs\2014-10-14.txt
2014-10-17 20:01 - 2014-10-17 20:02 - 000017722 ____A [EE627AFD958E21790F51673162053561] () C:\ProgramData\WinClon\Logs\2014-10-17.txt
2014-11-01 21:31 - 2014-11-01 21:32 - 000018082 ____A [FB6A7527489D34C559548220E13B4F80] () C:\ProgramData\WinClon\Logs\2014-11-01.txt
2014-11-15 12:38 - 2014-11-15 12:38 - 000018082 ____A [ED7DF63A24C8E3CD9E4FAEC68EDB17A1] () C:\ProgramData\WinClon\Logs\2014-11-15.txt
2014-11-21 08:49 - 2014-11-21 08:49 - 000017722 ____A [25AC711DBD2CB433130F580602B386E7] () C:\ProgramData\WinClon\Logs\2014-11-21.txt
2014-11-27 23:25 - 2014-11-27 23:25 - 000017872 ____A [E57A3E0E96564DD37F819A4B01BD0599] () C:\ProgramData\WinClon\Logs\2014-11-27.txt
2014-12-01 07:55 - 2014-12-01 07:55 - 000017722 ____A [DFEBA61097D87A9C44FB295A2EA84D93] () C:\ProgramData\WinClon\Logs\2014-12-01.txt
2014-12-11 20:25 - 2014-12-11 20:26 - 000018082 ____A [65A98EB28F28B9859FBCD6B957257204] () C:\ProgramData\WinClon\Logs\2014-12-11.txt
2014-12-14 21:20 - 2014-12-14 21:20 - 000017722 ____A [FDAF9F0FFE8B745FB6ED95D9238164A9] () C:\ProgramData\WinClon\Logs\2014-12-14.txt
2014-12-26 17:54 - 2014-12-26 17:54 - 000017722 ____A [2D6573909ECA1603EA7FA91FD7B0FAB2] () C:\ProgramData\WinClon\Logs\2014-12-26.txt
2014-12-30 08:01 - 2014-12-30 08:01 - 000017902 ____A [FB91F951C6114DD35381478B2D3C5A5C] () C:\ProgramData\WinClon\Logs\2014-12-30.txt
2015-01-03 19:03 - 2015-01-03 19:04 - 000018082 ____A [B357078762EF4A3006654EB91ABD6016] () C:\ProgramData\WinClon\Logs\2015-01-03.txt
2015-01-16 08:50 - 2015-01-16 08:50 - 000017722 ____A [785FDAD37DDF0E9FFDE00B999B56586A] () C:\ProgramData\WinClon\Logs\2015-01-16.txt
2015-01-17 23:42 - 2015-01-17 23:43 - 000018082 ____A [59F389B0780525F4E1A2B5E0F7FD6BF0] () C:\ProgramData\WinClon\Logs\2015-01-17.txt
2015-01-30 08:42 - 2015-01-30 08:43 - 000017722 ____A [F1DBD1EF869AC685F135DF09FBB2839C] () C:\ProgramData\WinClon\Logs\2015-01-30.txt
2015-02-03 01:28 - 2015-02-03 01:29 - 000017902 ____A [A5D823262CA992248AE458B3AC28F987] () C:\ProgramData\WinClon\Logs\2015-02-03.txt
2015-02-06 18:37 - 2015-02-06 18:38 - 000017722 ____A [A1CD47B25531B9DA59D36B5CE9BC0170] () C:\ProgramData\WinClon\Logs\2015-02-06.txt
2015-02-13 21:47 - 2015-02-13 21:47 - 000017722 ____A [2123668C31C9AB69A626A1655676E2E5] () C:\ProgramData\WinClon\Logs\2015-02-13.txt
2015-02-20 19:06 - 2015-02-20 19:06 - 000017516 ____A [58EAD7495B843391E3022284068FBB7A] () C:\ProgramData\WinClon\Logs\2015-02-20.txt
2015-02-21 18:55 - 2015-02-21 18:56 - 000017872 ____A [7B94B4E53F36A7DAA9B21960DE704533] () C:\ProgramData\WinClon\Logs\2015-02-21.txt
2015-03-13 20:29 - 2015-03-13 20:30 - 000017516 ____A [B6995CCB64B39C5BE4433F1B65EE2CCF] () C:\ProgramData\WinClon\Logs\2015-03-13.txt
2015-03-19 07:46 - 2015-03-19 07:47 - 000018082 ____A [1CB1585FDFF13C8F36198EC92770025F] () C:\ProgramData\WinClon\Logs\2015-03-19.txt
2015-03-20 20:13 - 2015-03-20 20:13 - 000017722 ____A [3BE5D3050AC94679DE4B010CBF7C0199] () C:\ProgramData\WinClon\Logs\2015-03-20.txt
2015-04-07 19:45 - 2015-04-07 19:45 - 000017902 ____A [A45C103CF28D8961C18611BB5C4FAA0D] () C:\ProgramData\WinClon\Logs\2015-04-07.txt
2015-04-10 19:15 - 2015-04-10 19:16 - 000017722 ____A [F75CCED7E8066818344A61AEA3CE8FE2] () C:\ProgramData\WinClon\Logs\2015-04-10.txt
2015-04-15 19:29 - 2015-04-15 19:30 - 000018262 ____A [622EC8528EB11D306FB88DDD5C6448DF] () C:\ProgramData\WinClon\Logs\2015-04-15.txt
2015-04-22 18:22 - 2015-04-22 18:24 - 000018262 ____A [8AE23615728C07D5CA03C6738EF4C9E0] () C:\ProgramData\WinClon\Logs\2015-04-22.txt
2015-04-30 16:23 - 2015-04-30 16:23 - 000018082 ____A [10EB35A821BD865D759AD8E77CB07AB6] () C:\ProgramData\WinClon\Logs\2015-04-30.txt
2015-05-01 19:28 - 2015-05-01 19:29 - 000017722 ____A [9A888E7A2A2B3BC27BB11532A4A0AAD8] () C:\ProgramData\WinClon\Logs\2015-05-01.txt
2015-05-09 07:08 - 2015-05-09 07:08 - 000018082 ____A [AF13383F5DA15E9A330424FE707C9535] () C:\ProgramData\WinClon\Logs\2015-05-09.txt
2015-05-10 22:40 - 2015-05-10 22:40 - 000017722 ____A [13F8E6AE21F402468EA6B22B3615D617] () C:\ProgramData\WinClon\Logs\2015-05-10.txt
2015-05-12 20:43 - 2015-05-12 20:44 - 000017902 ____A [A2E95A060228EC7A20F1358F8C458AB8] () C:\ProgramData\WinClon\Logs\2015-05-12.txt
2015-05-18 21:38 - 2015-05-18 22:07 - 000035442 ____A [F2E55A6BBB319AA85F0EB91A4BBB9A41] () C:\ProgramData\WinClon\Logs\2015-05-18.txt
2015-06-13 23:17 - 2015-06-13 23:17 - 000018082 ____A [837AFF7A1BDE0B96D0BD799C123E7F9D] () C:\ProgramData\WinClon\Logs\2015-06-13.txt
2015-06-26 23:00 - 2015-06-26 23:01 - 000017722 ____A [DDED5274FA77F3485806CFCD6D5B8805] () C:\ProgramData\WinClon\Logs\2015-06-26.txt
2015-07-03 19:23 - 2015-07-03 19:23 - 000017722 ____A [6C5A7064E34294676D5FAB8FCF85121C] () C:\ProgramData\WinClon\Logs\2015-07-03.txt
2015-07-17 07:13 - 2015-07-17 07:14 - 000017722 ____A [50A7164230FF049890C9F9DE4F011F27] () C:\ProgramData\WinClon\Logs\2015-07-17.txt
2015-07-23 07:05 - 2015-07-23 07:06 - 000018082 ____A [B2000AE63ED527F6048E63F63999605F] () C:\ProgramData\WinClon\Logs\2015-07-23.txt
2015-07-25 22:34 - 2015-07-25 22:34 - 000018082 ____A [F83F91E5EA8CD7F50678D6E48C3155C1] () C:\ProgramData\WinClon\Logs\2015-07-25.txt
2015-08-06 20:48 - 2015-08-06 20:51 - 000018082 ____A [905FE236CC19B8409D674C4F96FD841D] () C:\ProgramData\WinClon\Logs\2015-08-06.txt
2015-08-13 23:13 - 2015-08-13 23:14 - 000018082 ____A [77DDA531FFBC9E848651A8FA6F8B0BEB] () C:\ProgramData\WinClon\Logs\2015-08-13.txt
2015-08-17 23:07 - 2015-08-17 23:07 - 000017722 ____A [F93B65028C9F3101E23F263EE5251357] () C:\ProgramData\WinClon\Logs\2015-08-17.txt
2015-08-22 23:40 - 2015-08-22 23:41 - 000018082 ____A [DC2D8F8CCBD4AAAA7347EE223F689DF3] () C:\ProgramData\WinClon\Logs\2015-08-22.txt
2015-08-29 23:07 - 2015-08-29 23:07 - 000018082 ____A [2B5ABC52527488F2E30BFEA328EC345F] () C:\ProgramData\WinClon\Logs\2015-08-29.txt
2015-09-09 16:20 - 2015-09-09 16:20 - 000018262 ____A [E42E8FA9D3E83A8B0928E1719E3E03A4] () C:\ProgramData\WinClon\Logs\2015-09-09.txt
2015-09-17 17:12 - 2015-09-17 17:13 - 000018082 ____A [375477DDD9BD9E782597FCE21B850FAA] () C:\ProgramData\WinClon\Logs\2015-09-17.txt
2015-10-17 07:42 - 2015-10-17 22:03 - 000036162 ____A [4F75D01FEF756C542DCC5492AF86486E] () C:\ProgramData\WinClon\Logs\2015-10-17.txt
2015-10-25 11:29 - 2015-10-25 19:38 - 000035442 ____A [60D7E67C4D6AFBA2BC30BD16D93C94C7] () C:\ProgramData\WinClon\Logs\2015-10-25.txt
2015-10-29 16:15 - 2015-10-29 17:27 - 000036162 ____A [35F2CCC7288BEB5985E8C823C8F3B5BD] () C:\ProgramData\WinClon\Logs\2015-10-29.txt
2015-10-31 18:26 - 2015-10-31 18:32 - 000018082 ____A [D6746A663A843607EB9639A703B81212] () C:\ProgramData\WinClon\Logs\2015-10-31.txt
2015-11-13 16:06 - 2015-11-13 16:06 - 000017722 ____A [BFAD20A307FF66F64E530D822D3EB702] () C:\ProgramData\WinClon\Logs\2015-11-13.txt
2015-12-03 18:30 - 2015-12-03 18:33 - 000018082 ____A [27BB9792510B0E936353F77D667BA407] () C:\ProgramData\WinClon\Logs\2015-12-03.txt
2015-12-10 18:58 - 2015-12-10 19:00 - 000018082 ____A [DE0E12658CE46FE381040CEA2DBBED3C] () C:\ProgramData\WinClon\Logs\2015-12-10.txt
2015-12-11 23:10 - 2015-12-11 23:21 - 000022648 ____A [4390CA356BFFB0AF284791DD766113B2] () C:\ProgramData\WinClon\Logs\2015-12-11.txt
2015-12-12 02:18 - 2015-12-12 02:23 - 000018082 ____A [209356AC94AFEF35A78ABB836D2419FE] () C:\ProgramData\WinClon\Logs\2015-12-12.txt
2015-12-14 08:51 - 2015-12-14 08:52 - 000017722 ____A [35721D8E99DD5829BD4C64DB353CE3BE] () C:\ProgramData\WinClon\Logs\2015-12-14.txt
2015-12-25 12:19 - 2015-12-25 12:30 - 000017722 ____A [D4437C3D1F03219BC0342722F776567A] () C:\ProgramData\WinClon\Logs\2015-12-25.txt
2016-01-06 15:46 - 2016-01-06 15:47 - 000018262 ____A [A72C33A7583BBAFE71CB543209EF22C1] () C:\ProgramData\WinClon\Logs\2016-01-06.txt
2016-01-10 22:16 - 2016-01-10 22:24 - 000017722 ____A [E36E3969396327D6A62658F93358522A] () C:\ProgramData\WinClon\Logs\2016-01-10.txt
2016-01-13 13:56 - 2016-01-13 13:57 - 000018262 ____A [1067B193250665069FB3EA1DBD5ED63F] () C:\ProgramData\WinClon\Logs\2016-01-13.txt
2016-02-01 17:23 - 2016-02-01 17:24 - 000017722 ____A [55BCE99CCA5F2622765AD80668B65FA9] () C:\ProgramData\WinClon\Logs\2016-02-01.txt
2016-02-11 18:05 - 2016-02-11 18:05 - 000017872 ____A [6FBEB47FB3529FCF3CF59FAA2DE2D906] () C:\ProgramData\WinClon\Logs\2016-02-11.txt
2016-02-12 08:57 - 2016-02-12 09:02 - 000017722 ____A [E8FA6DF5D9436E7A522DEB7563F44C14] () C:\ProgramData\WinClon\Logs\2016-02-12.txt
2016-02-17 21:51 - 2016-02-18 00:31 - 000036522 ____A [3C240C984A7559DD2838872F0DDFA090] () C:\ProgramData\WinClon\Logs\2016-02-17.txt
2016-02-29 19:31 - 2016-02-29 19:31 - 000017722 ____A [BD6E22C06DF9618C92D7582C3851DD54] () C:\ProgramData\WinClon\Logs\2016-02-29.txt
2016-03-07 19:27 - 2016-03-07 19:28 - 000017722 ____A [29AB4C4AEEE98FAAF578EA29C412AE98] () C:\ProgramData\WinClon\Logs\2016-03-07.txt
2016-03-14 12:28 - 2016-03-14 12:28 - 000017722 ____A [E686FFA8684EDF48522A7E231AF2FF5C] () C:\ProgramData\WinClon\Logs\2016-03-14.txt
2016-04-13 18:23 - 2016-04-13 18:23 - 000018262 ____A [573B1B7A38050D3677D4967E1532C749] () C:\ProgramData\WinClon\Logs\2016-04-13.txt
2016-05-11 18:47 - 2016-05-11 18:48 - 000018262 ____A [936055E7DEF91209130B35D2D264DD83] () C:\ProgramData\WinClon\Logs\2016-05-11.txt
2016-06-16 06:32 - 2016-06-16 15:24 - 000036162 ____A [52A4859E5D88C49E9DD43DF13723FC91] () C:\ProgramData\WinClon\Logs\2016-06-16.txt
2016-06-18 22:57 - 2016-06-18 22:57 - 000018082 ____A [ED8D3A084789E0F905FFA807D81E571A] () C:\ProgramData\WinClon\Logs\2016-06-18.txt
2016-07-12 05:47 - 2016-07-12 05:47 - 000017902 ____A [1A814012427AAB001D6DD627ECF60E72] () C:\ProgramData\WinClon\Logs\2016-07-12.txt
2016-07-16 21:42 - 2016-07-16 21:43 - 000018082 ____A [351D5B43335C6BC489C4125DA80B2AE2] () C:\ProgramData\WinClon\Logs\2016-07-16.txt
2016-07-19 06:52 - 2016-07-19 06:52 - 000017902 ____A [7D10BF67AAE8E0E8CF70B530E2989E15] () C:\ProgramData\WinClon\Logs\2016-07-19.txt
2016-07-20 23:15 - 2016-07-20 23:22 - 000018262 ____A [36AA164759AA708CBCA89ADC21E236EF] () C:\ProgramData\WinClon\Logs\2016-07-20.txt
2016-07-28 07:43 - 2016-07-28 07:45 - 000038286 ____A [14B3ABC18D865405C68F1795307CADF4] () C:\ProgramData\WinClon\Logs\2016-07-28.txt
2016-07-30 22:30 - 2016-07-30 22:30 - 000019820 ____A [79C28D25B99E3DA5034815933BA24B5D] () C:\ProgramData\WinClon\Logs\2016-07-30.txt
2016-08-04 16:36 - 2016-08-04 16:40 - 000015664 ____A [453EF0778743360D8AEE9FFFBDD57492] () C:\ProgramData\WinClon\Logs\2016-08-04.txt
2016-08-17 16:01 - 2016-08-17 16:03 - 000014438 ____A [10B8EE123D6C6C9B87895BF09F0C6047] () C:\ProgramData\WinClon\Logs\2016-08-17.txt
2016-09-07 13:31 - 2016-09-07 19:02 - 000028874 ____A [266833EA5DE833543C331FB0D4BD27E0] () C:\ProgramData\WinClon\Logs\2016-09-07.txt
2016-09-17 21:27 - 2016-09-17 21:27 - 000014296 ____A [BDC07EB7DF95B548BB1AA342EC6E63FA] () C:\ProgramData\WinClon\Logs\2016-09-17.txt
2016-09-18 21:07 - 2016-09-18 21:07 - 000014012 ____A [23683766C96557D22FDE9F529560E8BD] () C:\ProgramData\WinClon\Logs\2016-09-18.txt
2016-09-20 20:33 - 2016-09-20 22:54 - 000043602 ____A [BD618320C1249E926980336385B201B2] () C:\ProgramData\WinClon\Logs\2016-09-20.txt
2016-10-13 18:05 - 2016-10-13 18:07 - 000014296 ____A [6C82DFDC5E8716821C7177F911D69B45] () C:\ProgramData\WinClon\Logs\2016-10-13.txt
2016-10-15 03:52 - 2016-10-15 03:53 - 000014296 ____A [6F79D89608D2AA23CC736069CF7635CB] () C:\ProgramData\WinClon\Logs\2016-10-15.txt
2016-10-28 06:59 - 2016-10-28 07:01 - 000014012 ____A [6D088FD750C871D51B0ADE4BE4EF49BE] () C:\ProgramData\WinClon\Logs\2016-10-28.txt
2016-11-04 23:02 - 2016-11-04 23:07 - 000014012 ____A [FD05A0F67CB9D117FEAAAD730D7971C6] () C:\ProgramData\WinClon\Logs\2016-11-04.txt
2016-11-10 16:17 - 2016-11-10 16:17 - 000014296 ____A [D7BEE8992A4C7234F18956977AF31EDB] () C:\ProgramData\WinClon\Logs\2016-11-10.txt
2016-11-22 22:57 - 2016-11-22 23:04 - 000014154 ____A [ADCC86B357FFC35A2BB151734BE9DED3] () C:\ProgramData\WinClon\Logs\2016-11-22.txt
2016-11-28 17:48 - 2016-11-28 17:49 - 000014012 ____A [FE9E0330D56F77BA9A3E7981252F88B9] () C:\ProgramData\WinClon\Logs\2016-11-28.txt
2016-12-15 01:33 - 2016-12-15 01:37 - 000014296 ____A [53CAEFCD7ADD77F670C52D1298A52BFC] () C:\ProgramData\WinClon\Logs\2016-12-15.txt
2016-12-28 01:00 - 2016-12-28 01:08 - 000014438 ____A [42C796B41AE4F50B38108E786A440970] () C:\ProgramData\WinClon\Logs\2016-12-28.txt
2017-01-21 21:38 - 2017-01-21 21:42 - 000014296 ____A [9A5F6A833775703BAF53D29DC157BFC9] () C:\ProgramData\WinClon\Logs\2017-01-21.txt
2017-01-23 15:58 - 2017-01-23 15:58 - 000014012 ____A [4F49696EA5A99F4EF5AD448691404E27] () C:\ProgramData\WinClon\Logs\2017-01-23.txt
2017-01-26 07:30 - 2017-01-26 07:34 - 000014296 ____A [D36CB63FFB7A332C06856F85766CEC7B] () C:\ProgramData\WinClon\Logs\2017-01-26.txt
2017-02-14 21:00 - 2017-02-14 21:04 - 000014154 ____A [9DE9E1F031C4C027A0513762A3069D14] () C:\ProgramData\WinClon\Logs\2017-02-14.txt
2017-02-23 23:37 - 2017-02-23 23:38 - 000014296 ____A [F7146F0169E7A2C48D3C13FD11B75591] () C:\ProgramData\WinClon\Logs\2017-02-23.txt
2017-02-26 13:36 - 2017-02-26 13:39 - 000014012 ____A [448B3D010ED1A084DF3CE811927FC2C1] () C:\ProgramData\WinClon\Logs\2017-02-26.txt
2017-03-01 16:03 - 2017-03-01 16:15 - 000028874 ____A [C837B34CCBE3CC6BF287E60FC4F3698D] () C:\ProgramData\WinClon\Logs\2017-03-01.txt
2017-03-14 19:15 - 2017-03-14 19:16 - 000014154 ____A [69A30FE53B0D8619E607D086F69A155A] () C:\ProgramData\WinClon\Logs\2017-03-14.txt
2017-03-21 19:57 - 2017-03-21 20:02 - 000014154 ____A [F8605D1F0CF628FB6A2C893200D22EB3] () C:\ProgramData\WinClon\Logs\2017-03-21.txt
2017-04-13 16:21 - 2017-04-13 16:22 - 000014296 ____A [CA5515B5EBDC976F4C68820F65A076F3] () C:\ProgramData\WinClon\Logs\2017-04-13.txt
2017-04-14 23:28 - 2017-04-14 23:31 - 000014012 ____A [55C675464301E54F738AC0E0E8335188] () C:\ProgramData\WinClon\Logs\2017-04-14.txt
2017-04-16 12:38 - 2017-04-16 12:39 - 000013842 ____A [15437578D58DEA6E45C9C463793ABEAC] () C:\ProgramData\WinClon\Logs\2017-04-16.txt
2017-05-04 20:11 - 2017-05-04 20:16 - 000014296 ____A [0B4AADFDD9F3856D725E18858D0BA123] () C:\ProgramData\WinClon\Logs\2017-05-04.txt
2017-05-10 17:00 - 2017-05-10 17:02 - 000014438 ____A [C041F07E606C83987EE3A1B22041B39D] () C:\ProgramData\WinClon\Logs\2017-05-10.txt
2017-05-20 20:53 - 2017-05-20 20:54 - 000014296 ____A [9F0124C8067DFBEF2B6B5D436328E2E4] () C:\ProgramData\WinClon\Logs\2017-05-20.txt
2017-05-24 17:59 - 2017-05-24 18:05 - 000014438 ____A [5855B717253D79B2C96846460E38257F] () C:\ProgramData\WinClon\Logs\2017-05-24.txt
2017-06-02 20:15 - 2017-06-02 20:16 - 000014012 ____A [1C89F19A612D59327FAF6F4D54C48D18] () C:\ProgramData\WinClon\Logs\2017-06-02.txt
2017-06-14 18:47 - 2017-06-14 18:47 - 000014438 ____A [7A905D9C0987BB6718E055F1AFC38F1E] () C:\ProgramData\WinClon\Logs\2017-06-14.txt
2017-07-12 18:39 - 2017-07-12 18:40 - 000014438 ____A [BDD8C61688F6048B2A5D5C1D908A94EC] () C:\ProgramData\WinClon\Logs\2017-07-12.txt
2017-08-10 05:48 - 2017-08-10 05:49 - 000014296 ____A [B784143DDB15CAABE91DDD1DAE03F2B3] () C:\ProgramData\WinClon\Logs\2017-08-10.txt
2017-09-13 19:00 - 2017-09-13 19:01 - 000014438 ____A [480E5043CD055DC894CE6AED1B5D8550] () C:\ProgramData\WinClon\Logs\2017-09-13.txt
2017-10-11 19:16 - 2017-10-11 19:16 - 000014438 ____A [DB4762D9E0FB070A6FBDB99C79132CEC] () C:\ProgramData\WinClon\Logs\2017-10-11.txt
2017-11-07 20:18 - 2017-11-07 20:19 - 000014154 ____A [2BDDF934D758AD9BD5460C9C44067738] () C:\ProgramData\WinClon\Logs\2017-11-07.txt
2017-11-15 18:29 - 2017-11-15 18:30 - 000014438 ____A [567F810FBE25E2C76D09D6595633450C] () C:\ProgramData\WinClon\Logs\2017-11-15.txt
2017-12-07 17:36 - 2017-12-07 17:37 - 000014296 ____A [B0E5B3B91815258A496B1449D057B07C] () C:\ProgramData\WinClon\Logs\2017-12-07.txt
2017-12-13 09:25 - 2017-12-13 09:27 - 000014438 ____A [AD371D071AEC827B19729286BBF53482] () C:\ProgramData\WinClon\Logs\2017-12-13.txt
2017-12-15 18:55 - 2017-12-15 18:56 - 000014012 ____A [4B9856817BD0D7BD39362D0958332FAA] () C:\ProgramData\WinClon\Logs\2017-12-15.txt
2017-12-29 18:55 - 2017-12-29 18:56 - 000014012 ____A [4A99281AE5D4AFD9137B5B7F44E4E7A2] () C:\ProgramData\WinClon\Logs\2017-12-29.txt
2018-01-11 09:18 - 2018-01-11 09:20 - 000014296 ____A [9933E2821AFDDD101FC8F0A0F57E725A] () C:\ProgramData\WinClon\Logs\2018-01-11.txt
2018-01-24 19:09 - 2018-01-24 20:00 - 000028874 ____A [9084FB9F02F5023C78A92C9A045ABB6C] () C:\ProgramData\WinClon\Logs\2018-01-24.txt
2018-02-13 23:25 - 2018-02-13 23:27 - 000014154 ____A [59D6F625842F60942CF9DE442732405C] () C:\ProgramData\WinClon\Logs\2018-02-13.txt
2018-02-25 19:26 - 2018-02-25 19:27 - 000014012 ____A [A0A97E037E192CAF658504110C5773E8] () C:\ProgramData\WinClon\Logs\2018-02-25.txt
2018-03-27 00:06 - 2018-03-27 00:18 - 000014154 ____A [228D0AEFAFE29A0D065B1B7EACEFC868] () C:\ProgramData\WinClon\Logs\2018-03-27.txt
2018-04-12 18:00 - 2018-04-12 18:01 - 000014296 ____A [B006D899E7EA3F7BF5963BE4043A2DDE] () C:\ProgramData\WinClon\Logs\2018-04-12.txt
2018-05-08 21:28 - 2018-05-08 21:29 - 000014154 ____A [21A2F20C4C3DE06C13B91E98E04287B6] () C:\ProgramData\WinClon\Logs\2018-05-08.txt
2018-05-24 18:26 - 2018-05-24 18:27 - 000014296 ____A [8420994086B795BD5682D7CA89623669] () C:\ProgramData\WinClon\Logs\2018-05-24.txt
2018-05-28 23:49 - 2018-05-28 23:50 - 000014012 ____A [52B3975DEAD56690FAC5FB5ADC334E1A] () C:\ProgramData\WinClon\Logs\2018-05-28.txt
2018-06-01 06:49 - 2018-06-01 06:51 - 000014012 ____A [C1E559FB036F55E8AA90AC3BCBCD9698] () C:\ProgramData\WinClon\Logs\2018-06-01.txt
2018-06-13 17:55 - 2018-06-13 17:56 - 000014438 ____A [92E6EAAF3C92712C09547A1EAD6D8C0F] () C:\ProgramData\WinClon\Logs\2018-06-13.txt
2018-07-10 18:08 - 2018-07-10 18:11 - 000014154 ____A [A045DA27EB97CB50830F279C2E87BF64] () C:\ProgramData\WinClon\Logs\2018-07-10.txt
2018-07-13 06:48 - 2018-07-13 18:37 - 000028022 ____A [D173A474490EDD36124EF5CD0123EA65] () C:\ProgramData\WinClon\Logs\2018-07-13.txt
2018-07-18 17:57 - 2018-07-18 17:58 - 000014438 ____A [B9493A9580F1AAB0B69AB1B250801B08] () C:\ProgramData\WinClon\Logs\2018-07-18.txt
2018-08-14 21:23 - 2018-08-14 21:25 - 000014154 ____A [4FA623F995204F2F566AC0FCDDA3D9E1] () C:\ProgramData\WinClon\Logs\2018-08-14.txt
2018-09-01 09:41 - 2018-09-01 09:42 - 000014296 ____A [301F8C615BFAB4F32E4C92D138BF8CC7] () C:\ProgramData\WinClon\Logs\2018-09-01.txt
2018-09-12 17:52 - 2018-09-12 17:54 - 000014438 ____A [15E9C23CBEB2026FB0B00E756C72B605] () C:\ProgramData\WinClon\Logs\2018-09-12.txt
2018-10-09 18:11 - 2018-10-09 18:13 - 000014154 ____A [A14C185181209BC3F4CC6607F1789D3D] () C:\ProgramData\WinClon\Logs\2018-10-09.txt
2018-10-21 05:55 - 2018-10-21 05:58 - 000014012 ____A [4C12D528A2F8BA780F11551EDBA02549] () C:\ProgramData\WinClon\Logs\2018-10-21.txt
2018-11-14 18:45 - 2018-11-14 18:56 - 000014438 ____A [DE0E3C017BA2044817C6C2FA85F59696] () C:\ProgramData\WinClon\Logs\2018-11-14.txt
2018-11-21 23:50 - 2018-11-22 00:01 - 000014438 ____A [323DA9435749D4593E2D6220A27F592E] () C:\ProgramData\WinClon\Logs\2018-11-21.txt
2018-11-28 07:54 - 2018-11-28 07:56 - 000014438 ____A [31E01FF926C8FCC72BA4488376E1A9C2] () C:\ProgramData\WinClon\Logs\2018-11-28.txt
2018-12-13 00:23 - 2018-12-13 00:24 - 000014438 ____A [6D6177F64DCD05231FD7DF89DA9ED534] () C:\ProgramData\WinClon\Logs\2018-12-12.txt
2018-12-13 18:46 - 2018-12-13 18:48 - 000014296 ____A [2FBEAB15F83B5DBC12DF2349C4F81221] () C:\ProgramData\WinClon\Logs\2018-12-13.txt
2018-12-20 18:49 - 2018-12-20 19:01 - 000014296 ____A [B362DB000B452F60B1ADAA89E4BE1669] () C:\ProgramData\WinClon\Logs\2018-12-20.txt
2019-01-09 19:00 - 2019-01-09 19:03 - 000014438 ____A [5A2BC15FF087656BAD5EC6E9C178B990] () C:\ProgramData\WinClon\Logs\2019-01-09.txt
2019-01-10 18:49 - 2019-01-10 18:51 - 000014296 ____A [8A9C5D89966C63F75606EC25073CD47A] () C:\ProgramData\WinClon\Logs\2019-01-10.txt
2019-02-12 18:55 - 2019-02-12 19:01 - 000014154 ____A [4A05461C5C8BFB9D9CF469562F5842F3] () C:\ProgramData\WinClon\Logs\2019-02-12.txt
2019-02-14 20:20 - 2019-02-14 20:24 - 000014296 ____A [9CF3F888CA2B18A8529E8DE446D55E64] () C:\ProgramData\WinClon\Logs\2019-02-14.txt
2019-03-01 18:54 - 2019-03-01 19:03 - 000014012 ____A [DF007391A8507DA814FC3F5E837B7138] () C:\ProgramData\WinClon\Logs\2019-03-01.txt
2019-03-13 18:01 - 2019-03-13 18:05 - 000014438 ____A [0348503E7DDAE73DF67DB0A69469E8F7] () C:\ProgramData\WinClon\Logs\2019-03-13.txt
2019-03-19 17:42 - 2019-03-19 17:48 - 000014154 ____A [EC407B64BEAD4C50EF730F6A76F9CB6E] () C:\ProgramData\WinClon\Logs\2019-03-19.txt
2019-04-04 20:24 - 2019-04-04 20:31 - 000014296 ____A [D7686898B3820D001D7C2A9742E58249] () C:\ProgramData\WinClon\Logs\2019-04-04.txt
2019-04-09 23:31 - 2019-04-09 23:33 - 000014154 ____A [0A2DED5EC6177EED0A7A30BD980BCB10] () C:\ProgramData\WinClon\Logs\2019-04-09.txt
2019-04-28 12:44 - 2019-04-28 12:47 - 000014012 ____A [7961A95E553391B8511BCCAFB8BC5AFD] () C:\ProgramData\WinClon\Logs\2019-04-28.txt
2019-04-30 23:02 - 2019-04-30 23:09 - 000014154 ____A [318A96598E8A70A6B81A67898BEC79B0] () C:\ProgramData\WinClon\Logs\2019-04-30.txt
2019-05-15 18:24 - 2019-05-15 18:34 - 000014438 ____A [3038174DEBC8DB76A978C30205525C8B] () C:\ProgramData\WinClon\Logs\2019-05-15.txt
2019-05-29 18:57 - 2019-05-29 19:08 - 000014438 ____A [A43CC35FCCBD56A6D830EAF3B2331DA1] () C:\ProgramData\WinClon\Logs\2019-05-29.txt
2019-06-11 18:14 - 2019-06-11 18:16 - 000014154 ____A [1DD68D47ACBF1AA30A0ED53B229E348D] () C:\ProgramData\WinClon\Logs\2019-06-11.txt
2019-06-14 05:26 - 2019-06-14 05:27 - 000014012 ____A [282E8C01402051FA194363D5AE952113] () C:\ProgramData\WinClon\Logs\2019-06-14.txt
2019-07-10 17:56 - 2019-07-10 18:03 - 000014438 ____A [0D39555DF6F5EFCBA9AC4955C605C2CA] () C:\ProgramData\WinClon\Logs\2019-07-10.txt
2019-07-23 22:51 - 2019-07-23 22:57 - 000014154 ____A [146F4DC7C5935C0907DF7D76F17E5C31] () C:\ProgramData\WinClon\Logs\2019-07-23.txt
2019-07-25 21:42 - 2019-07-25 21:52 - 000001380 ____A [E7D5B941681DAD58D5F4DDA407AB5096] () C:\ProgramData\WinClon\Logs\2019-07-25.txt
2012-09-19 17:02 - 2015-12-11 23:26 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot
2012-09-19 17:02 - 2015-12-11 23:26 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8
2012-09-19 17:02 - 2015-12-11 23:26 - 000000000 _RSHD [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI
2012-09-19 17:02 - 2012-09-19 17:02 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Boot
2012-09-19 17:02 - 2012-07-25 22:57 - 001354480 ____A [87B6D22295A16073D8D456FC574441A8] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Boot\bootx64.efi
2012-09-19 17:02 - 2015-12-11 23:26 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft
2012-09-19 17:02 - 2015-12-12 00:02 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot
2012-09-19 17:02 - 2012-09-19 17:01 - 000045056 ____A [1AA0A097AA79C6827B073CC1BF15B88B] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\BCD
2012-09-19 17:02 - 2012-09-18 20:15 - 000036864 __ASH [0CD8EFAA25BBFE350F1A9DB225EE59A0] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\BCD.LOG
2012-09-19 17:02 - 2012-09-18 20:15 - 000000000 __ASH [D41D8CD98F00B204E9800998ECF8427E] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\BCD.LOG1
2012-09-19 17:02 - 2012-09-18 20:15 - 000000000 __ASH [D41D8CD98F00B204E9800998ECF8427E] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\BCD.LOG2
2012-09-19 17:02 - 2012-06-26 20:05 - 000004186 ____A [777C117E61DE98CB008C654382427296] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\boot.stl
2012-09-19 17:02 - 2012-07-25 22:57 - 001354480 ____A [87B6D22295A16073D8D456FC574441A8] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\bootmgfw.efi
2012-09-19 17:02 - 2012-07-25 22:57 - 001350896 ____A [BB971A4A02185961543C7903473A6680] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\bootmgr.efi
2012-09-19 17:02 - 2012-09-18 20:15 - 000065536 __ASH [C90ECA9ABB07965BD445CEE80C8688B7] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\BOOTSTAT.DAT
2012-09-19 17:02 - 2012-07-25 22:57 - 001263856 ____A [64E555D7C5B6B39CCF1FFC6570EBC886] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\memtest.efi
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\bg-BG
2012-09-19 17:02 - 2012-07-25 22:56 - 000077040 ____A [B04D19600DCEC1066298DA640EEA676E] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000077040 ____A [902A1C43BF451C9E1A9A5DCBFADD0547] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\cs-CZ
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [FF72DEB16A3C6F1FAC4A67DCBD34DF3B] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [E74CAE4DC7809C4BA8414B348A27FF5C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [F3D4A5E327F39A33014916A38841EFBC] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\da-DK
2012-09-19 17:02 - 2012-07-25 22:56 - 000075504 ____A [4148F12B828B6B6BA1B17C47E0567385] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000075504 ____A [33F6FE1A672769D964CCDC58BC9AB621] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [1CC3520F8A40FD5F72E0132D64E82CC8] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\da-DK\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\de-DE
2012-09-19 17:02 - 2012-07-25 22:56 - 000078576 ____A [E89DEC628A945D07C1B850190FCC0617] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000078576 ____A [DEF65FDE792D625D9E98CFAC39A8B8AC] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [5B9482085149ADB8DFDB8741896F6E11] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\de-DE\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\el-GR
2012-09-19 17:02 - 2012-07-25 22:56 - 000079600 ____A [8D6DDAD219BAEC2E3A7E5D6831FD83A3] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000079600 ____A [4A8514300937ED4A6533738D75312282] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000046320 ____A [F1AC9334B2F307DAB687DDA421867548] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\el-GR\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-GB
2012-09-19 17:02 - 2012-07-25 22:56 - 000073456 ____A [EEF707C0DB6573E00EBF0066FE7C6AA1] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000073456 ____A [F99A2A002E008F99276A38F4C20AC2F4] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-US
2012-09-19 17:02 - 2012-07-25 22:56 - 000073456 ____A [E39C35808277643ABB78B3DFF49BBA01] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000073456 ____A [1CE1120BE654207C3F34CBD3EC3DEA03] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [C83D6FC2A9CEE3D741724279A998C36F] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\en-US\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\es-ES
2012-09-19 17:02 - 2012-07-25 22:56 - 000077040 ____A [B559BBC0278AF4F37D614BD96A01DE6C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000077040 ____A [3AC0899B5248A3350240741D438F25DF] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [44FD42723C43AF79FFB5DC2327F1F919] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\es-ES\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\et-EE
2012-09-19 17:02 - 2012-07-25 22:56 - 000074480 ____A [3D7A01C5BE178107B01B22DC90BB1729] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000074480 ____A [800D9E7FE9B5A812A05829D72CBD9B4C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fi-FI
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [7AFFD4008BF749CE1E55A35C2FC9BDA6] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [CA4934032D53D74FB479BEB04330EB31] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [2D6FB05BB82340E8BEE6B7479268BB9F] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts
2012-09-19 17:02 - 2012-06-02 08:31 - 003694080 ____A [CEC569AA88293C3711AB8CE68523227E] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\chs_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 003876772 ____A [409CAA06620BFD1EC6D6B10F0A67E428] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\cht_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 001984228 ____A [27B5282821B61D8C6678FC577E9C1E73] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\jpn_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 002371360 ____A [FE9445AF8AC72E14F172A12EDF525494] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\kor_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000168212 ____A [5A8ED2F52757D1CA0E83AB32CA50B123] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\malgun_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000165764 ____A [E5214C50FB1D3BEFEA8805D61F60955B] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\malgunn_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000134508 ____A [2AFB38E581871943363481CFC7E7AA73] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\meiryo_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000132888 ____A [625F25CF2DDBB5D86B6406CFA414B986] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\meiryon_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000154896 ____A [D5D815D42B5C9CC5B6F810ECB76E04CB] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\msjh_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000152892 ____A [FF6A0FD77852E248E88C0113AB444A85] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\msjhn_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000146228 ____A [48A70E0BCC3A92F643A20162D6B3A8B2] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\msyh_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000142124 ____A [31135800CFA33B5F02467C3983D960C9] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\msyhn_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000036020 ____A [0D6C704126891B79C4BFC5358D16D457] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\segmono_boot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000077404 ____A [7C66A9789B235EE0670EF9E90BB999A9] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\segoe_slboot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000077088 ____A [B9E2A44123C4DBE262F42693D1D11BBD] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\segoen_slboot.ttf
2012-09-19 17:02 - 2012-06-02 08:31 - 000047452 ____A [D5CED633BF8446A3315EC58CD60148C1] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Fonts\wgl4_boot.ttf
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fr-FR
2012-09-19 17:02 - 2012-07-25 22:56 - 000078576 ____A [0E1DCC0E0A9DE450B68FF74E2D4BCCBD] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000078576 ____A [3777A238E4018E9973044F87056CB5B9] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [DE1D3D13250D03441DA1E670D7492FC5] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hr-HR
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [3016095FC9B20FDE58BD5BC1B4711387] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [93ABBD1CB8D485FCB6AB9F6050EB6FE3] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hu-HU
2012-09-19 17:02 - 2012-07-25 22:56 - 000078064 ____A [B1E87423EAC9A466FA72846E5CEC1E5C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000078064 ____A [A83C25DEC6C5C1207542345065440657] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [654B23C8D3CCC8898532D012C749FA92] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\it-IT
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [D0419078F2D0BDE0D244F3F311287261] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [FA323E3398E253AE517A2F7DD56140EB] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [D3033D08F226105213AA4904D61739BE] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\it-IT\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ja-JP
2012-09-19 17:02 - 2012-07-25 22:56 - 000067312 ____A [1E59AAF86D146ADFEA922C6AA640101D] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000067312 ____A [C8969E769777EC9AC955BABC6B1795B8] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000042736 ____A [106B55AAE5188802A6DF4DA3B382EEF3] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ko-KR
2012-09-19 17:02 - 2012-07-25 22:56 - 000066800 ____A [7F44EBDDCB4997EF51660F6856B0B493] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000066800 ____A [01173700F8945C812AE73C0CB8EAE261] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000042736 ____A [1E100AB5E91035C019D7F249A94328B1] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\lt-LT
2012-09-19 17:02 - 2012-07-25 22:56 - 000075504 ____A [0C17F7DBE3D40390D2D637F3C11EDAC0] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000075504 ____A [6CC4F383044E92211DE1B823CB27EA95] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\lv-LV
2012-09-19 17:02 - 2012-07-25 22:56 - 000074992 ____A [681E0A22BAEDA9AB5959333C9389C161] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000074992 ____A [089F6163D19271E61E4E5F2AA7D8D4FB] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nb-NO
2012-09-19 17:02 - 2012-07-25 22:56 - 000074992 ____A [810272C4AB8DC2D05DB7C5347D56018A] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000074984 ____A [B5DC7B8950D33A1AC11467A1DF49C9F2] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [44EA2FEA687F3FD4A1580217D915F860] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nl-NL
2012-09-19 17:02 - 2012-07-25 22:56 - 000077552 ____A [415435E980DAE9A2DD0BBBBC2D17F305] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000077552 ____A [CE0901E6DC4ECC1D4ED87D5D6581979B] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [F75ECC231393F15D24275AF9063B954C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pl-PL
2012-09-19 17:02 - 2012-07-25 22:56 - 000077552 ____A [55A1D0B45CCC51FAD0B90D706469AAA0] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000077552 ____A [8B3387B3811A776BF050D762ADFEBD9A] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [FD1D75298250C7F6C2F25114F9A91387] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-BR
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [1C3696796E82576F9C9B35AEC0027A61] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [30163F0A81653A9CC3E405CFC3875D30] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [902601D79F46258CE07A8406DA2EF176] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-PT
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [97A7340B6DA922E532B353B5EA65964D] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [8672E8718878ECC2BEB6CD744F5DBC5E] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045808 ____A [45DC26CC135B90B83A7F190FBB84AA69] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\qps-ploc
2012-09-19 17:02 - 2012-07-25 22:56 - 000073456 ____A [51E9DCF48D0BD7F54941B5CCC8622D7A] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\qps-ploc\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000073456 ____A [12E3EE6912EAE254E1AD23D90718A873] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\qps-ploc\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [2A11C60FB69C1A92C97B228FEAF6BBA3] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources
2012-09-19 17:02 - 2012-07-25 22:57 - 000018160 ____A [65DD7E103A0879A48FB9DC0595B02094] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\bootres.dll
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\en-US
2012-09-19 17:02 - 2012-07-26 01:50 - 000011504 ____A [D135F3A1AB01A5C202CE240A26FC0E4F] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\en-US\bootres.dll.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\es-ES
2012-09-19 17:02 - 2012-09-18 20:20 - 000011504 ____A [90FED295B3A24CE622EB6BE1ADD96C31] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\es-ES\bootres.dll.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\fr-FR
2012-09-19 17:02 - 2012-09-18 20:26 - 000011504 ____A [ADD9BF2E048E93E31FB158BF6E8386B3] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\Resources\fr-FR\bootres.dll.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ro-RO
2012-09-19 17:02 - 2012-07-25 22:56 - 000075504 ____A [8BAC4FAECB44F33F01275D42388C32DC] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000075504 ____A [A72DE501D5876FF6C3FF63BE088DA015] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ru-RU
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [D1E06D5C0CDF9FF6447620F4C8352B69] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [22CC84FB0CFBD3CA874FECDA4D1162CE] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000044784 ____A [9A9FF8AAC6F16B04528219C9CD19743E] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sk-SK
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [8811A130E4FA220535C0F700D304397A] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [D00D425E444B0D30F9C018181097D1F1] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sl-SI
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [B071B8254EB3B9B1BFEEA0DB71175AC8] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [F9A9D147CEB3D3A642CDB23318992ED9] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sr-Latn-CS
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [879B1CEAAFD46DC9E9929522F5F86AB9] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sr-Latn-CS\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [CDC96A8F267BF729033D436BC1D276FA] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sr-Latn-CS\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sv-SE
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [C1C5A83E552F96164364E977D0ADCBB2] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076016 ____A [575AD69313D90B6CA9C5597F60D3F882] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [6FAA5796BE8C9147FF969F21FCF6B033] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\tr-TR
2012-09-19 17:02 - 2012-07-25 22:56 - 000074992 ____A [09D17374C1DCF53AD5B8023CB73257B2] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\tr-TR\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000074992 ____A [FD217BBE37501A1D27BD9E01F8AAB4AC] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\tr-TR\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000045296 ____A [68263E6814856DFF4E0FF25151C6317F] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\tr-TR\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\uk-UA
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [18E70A6260CB4DA4D0E920D73E60BC7C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\uk-UA\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000076528 ____A [906B7439C8D0C9B2439B1368FA89AF5C] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\uk-UA\bootmgr.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-CN
2012-09-19 17:02 - 2012-07-25 22:56 - 000063728 ____A [33A1F3CDC35DD4FC4B514B18D0F5AF2F] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-CN\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000063728 ____A [DF75BBF8680F57C47DB2826C826BA7B9] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-CN\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000042224 ____A [BF25B7DC7D793B808EFEF9A12CAE60F3] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-CN\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-HK
2012-09-19 17:02 - 2012-07-25 22:56 - 000063728 ____A [9DAB6798E369E8D9EC6C6A12A0E090AD] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-HK\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000063728 ____A [67A8A603D61FA7DFCC62E7B5B16ACC8B] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-HK\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000042224 ____A [98E1A389B139021E5D4483A28F9CF2BC] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-HK\memtest.efi.mui
2012-09-19 17:02 - 2015-12-12 00:03 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-TW
2012-09-19 17:02 - 2012-07-25 22:56 - 000063728 ____A [F583B91C1E390525DC2B55ACF6E07A0D] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-TW\bootmgfw.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000063728 ____A [FF22DC09C09F1355716CB91EFCC6851A] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-TW\bootmgr.efi.mui
2012-09-19 17:02 - 2012-07-25 22:56 - 000042224 ____A [C425F86BC1F07FD493A875D9EDCF88F9] (Microsoft Corporation) C:\ProgramData\WinClon\OSBoot\Win8\EFI\Microsoft\Boot\zh-TW\memtest.efi.mui
2012-09-19 17:02 - 2012-09-19 17:02 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSRE
2012-09-19 17:02 - 2012-09-19 17:02 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSRE\Win8
2012-09-19 17:02 - 2012-09-19 17:02 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSRE\Win8\Recovery
2012-09-19 17:02 - 2012-09-19 17:02 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\OSRE\Win8\Recovery\WindowsRE
2012-09-19 17:02 - 2012-08-19 05:26 - 301170761 __ASH [D41D8CD98F00B204E9800998ECF8427E] () C:\ProgramData\WinClon\OSRE\Win8\Recovery\WindowsRE\winre.wim
2013-03-28 11:54 - 2013-03-28 11:54 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\Preview
2013-03-28 11:54 - 2013-03-28 11:54 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\WinClon\Preview\395404627300105
2013-03-28 11:54 - 2012-09-19 17:11 - 000000078 ____A [F1D2FFCBFB7357EE928B13E22D1CF699] () C:\ProgramData\WinClon\Preview\395404627300105\BackDate.txt
2013-03-28 11:54 - 2012-09-19 17:11 - 000000002 ____A [F3B25701FE362EC84616A93A45CE9998] () C:\ProgramData\WinClon\Preview\395404627300105\Desktop.txt
2013-03-28 11:54 - 2012-09-19 17:11 - 000000751 ____A [E08CE12628235FBA89846E2F4084AFC7] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_0.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000431 ____A [96EF7072C28709B2029FDA569A02E570] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_1.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000168 ____A [9407ABC2171F2AC572FE40E3C84F5C30] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_10.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000725 ____A [DBAC7FFF2982580BB4B86C513477513D] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_11.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000778 ____A [4A15A98596FB63FB7EB4ECB042702A9A] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_12.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000716 ____A [999C87A16FB6D800F5A8E4C7C82014C5] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_13.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000003003 ____A [BB25E0ED8E8A1581357F513912E8CB9D] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_14.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000368 ____A [72388474EC1D3B61F38ACF65AA26A142] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_15.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000749 ____A [8C373F87858FE34571E93B7567A56B31] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_16.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000689 ____A [9B8C63D1F88F2FC69509EA01E33DA8D8] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_17.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000451 ____A [A5A46D4B139C6089AA5CA1857F8A091C] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_18.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000570 ____A [C58F4EF0DD578CBE48B32F9A91A62C03] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_19.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000617 ____A [4450D40F54491105266EBCE25B855347] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_2.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000943 ____A [2039987855DE084BFEC50B458509689B] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_20.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000974 ____A [0B82BBEC81CDD46D9513712F6E03AD14] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_3.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000891 ____A [EE2A9CAF1C8082FBD4194634F0B407BE] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_4.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000811 ____A [A305EC1EDCA0DCC709722E9683D1268A] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_5.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000908 ____A [2E721ADF835E259C8D18591B2CF67184] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_6.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000502 ____A [54D2B1598F4634C1DEEA650939DC5E3A] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_7.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000000608 ____A [F4EBE556EC091E262794FE80457FFA6C] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_8.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000001070 ____A [12992D971375B08AF5FB9806831490DD] () C:\ProgramData\WinClon\Preview\395404627300105\Pro_9.bmp
2013-03-28 11:54 - 2012-09-19 17:11 - 000006516 ____A [86FEEDE8A4509AEB89FD0AC730D3CDE3] () C:\ProgramData\WinClon\Preview\395404627300105\Programs.txt
 
====== End of Folder: ======
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 202927072 B
Java, Flash, Steam htmlcache => 107620942 B
Windows/system/drivers => 116653661 B
Edge => 406380 B
Chrome => 529855782 B
Firefox => 6070252 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3736 B
LocalService => 0 B
NetworkService => 1592 B
NetworkService => 0 B
Lauren => 16469330 B
 
RecycleBin => 0 B
EmptyTemp: => 944.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:56:25 ====
 
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-25-2019
# Duration: 00:01:54
# OS:       Windows 10 Home
# Scanned:  35810
# Detected: 80
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Users\Lauren\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Lauren\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Lauren\AppData\Roaming\IObit\Advanced SystemCare V7
PUP.Optional.AdvancedSystemCare C:\Users\Lauren\AppData\Roaming\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.DriverBooster      C:\Users\Lauren\AppData\Roaming\IOBIT\Driver Booster
PUP.Optional.DriverTalent       C:\OSTotoFolder
PUP.Optional.DriverTalent       C:\Program Files (x86)\OSTotoSoft
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
PUP.Optional.Legacy             C:\Users\Lauren\AppData\Local\torch
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Conduit            HKCU\Software\Conduit
PUP.Optional.Conduit            HKLM\Software\Wow6432Node\Conduit
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.URL\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.html\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.png\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.webm\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.xht\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\.xhtml\OpenWithList\Torch.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-bc (1).exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-bc.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-be.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r20-n-bc.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r23-n-bc.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r26-n-bc (1).exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r5-n-bf.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup-r8-n-bu.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetup.exe
PUP.Optional.Torch              HKLM\SOFTWARE\Classes\Applications\TorchSetupFull-r6-n-bf.exe
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.CyberLinkShellExtension 
Preinstalled.LenovoPower2Go     
Preinstalled.LenovoPowerDVD     
Preinstalled.SamsungSAgent      
Preinstalled.SamsungSettings    
Preinstalled.SamsungSmartSwitch 
Preinstalled.SamsungUpdate      
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
My computer is running normally

  • 0

#4
iMacg3
Posted 26 July 2019 - 10:22 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Lovltn848,

Do you use the program Smart Defrag 6?

================================================

Let me know if the popups are still appearing.
  • 0

#5
Lovltn848
Posted 26 July 2019 - 11:30 AM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
Yes I do. There have been no new popups since Wednesday.
  • 0

#6
iMacg3
Posted 26 July 2019 - 03:05 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Lovltn848,

---------------------------------------------------
AdwCleaner - Clean
  • Double-click the AdwCleaner icon to run it.
  • Press the Scan button.
  • When the scan is complete, uncheck any items you want to keep.
  • Click Clean and Repair.
  • Select Clean & Restart Now. AdwCleaner will restart the computer to complete the cleaning process.
  • After the restart, an AdwCleaner window will open. Select View Log File.
  • The scan log will open in Notepad.
  • Copy and paste its contents into your next reply.
  • Note: The log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt
---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[Cxx].txt

  • 0

#7
Lovltn848
Posted 26 July 2019 - 10:21 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-26-2019
# Duration: 00:00:30
# OS:       Windows 10 Home
# Cleaned:  56
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\OSTotoFolder
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\OSTotoSoft
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\ProgramData\IObit\Advanced SystemCare V8
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted       C:\Users\Lauren\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\Lauren\AppData\Local\torch
Deleted       C:\Users\Lauren\AppData\Roaming\IOBIT\Driver Booster
Deleted       C:\Users\Lauren\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\Lauren\AppData\Roaming\IObit\Advanced SystemCare V7
Deleted       C:\Users\Lauren\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Conduit
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\.URL\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.html\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.png\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.webm\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.xht\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.xhtml\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-bc (1).exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-bc.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-be.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r20-n-bc.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r23-n-bc.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r26-n-bc (1).exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r5-n-bf.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup-r8-n-bu.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetup.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetupFull-r6-n-bf.exe
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\Conduit
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [6573 octets] - [25/07/2019 22:12:11]
AdwCleaner[S01].txt - [6634 octets] - [26/07/2019 22:06:42]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

  • 0

#8
iMacg3
Posted 27 July 2019 - 10:02 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi,

If all is well:

Uninstall FRST

  • Right-click on Frst.exe/Frst64.exe and select Rename
  • Rename the file to Uninstall.exe
  • Double-click on Uninstall.exe to uninstall FRST

Uninstall AdwCleaner

  • Run AdwCleaner.
  • Click the Settings button and scroll down to Remove AdwCleaner
  • Select Remove to uninstall AdwCleaner.

Delete any other tools we used in the cleanup process.
----------------------------------------------------
Reset System Restore Points

  • Press the Windows key + R
  • Type cleanmgr and press Enter.
  • Disk Cleanup will open. Click Clean up system files.
  • Click the More Options tab.
  • Under System Restore and Shadow Copies click Clean Up.
  • Confirm by clicking Delete.

----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
Here are some articles about how to keep your computer safe on the internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)


  • 0

#9
iMacg3
Posted 30 July 2019 - 11:37 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP