Solved Astromenda PUP gone but not forgotten....still no internet

skibumm100 · Oct 23, 2016

Hello everyone. My wife recently informed me that our desktop computer was not working correctly and couldn’t access the internet. I checked to see if it was connected to our home network and it was. All other devices in the house work fine. I discovered that the search engine Astromenda was the default search engine. I couldn’t connect to Google or anything else. I used a different computer to google what the problem was and it was apparently infected with the PUP/BHJ Astromenda. Following the instructions on MalwareTips, I downloaded a bunch of programs on my laptop and saved them to a flash drive since I can’t access the internet on the infected desktop. I downloaded Malwarebytes, ADWcleaner, JRT and Hitman Pro. I then loaded them on the infected desktop and ran them in the order instructed in the removal guide. When I finished running the programs, the software appeared to be cleaned but the computer would still not connect to any of the normal websites, Google, Yahoo, etc. I also refreshed or reset IE, Firefox and Chrome. I then followed the instructions in the MalwareTips guide for "How to fix “No Internet After Malware Removal” (Free Guide)". I downloaded Rkill, Zemana after the first attempt at removal and restoration didn’t work. Since it won’t connect it also can’t update definitions for any of the malware removal programs or antivirus software. I currently run Avast Free antivirus. I am on the road a lot so I have limited seat time in front of the computer. Any help would be appreciated.

TwinHeadedEagle · Oct 23, 2016

Hello,

Check Disk

Press the

on your keyboard. Type cmd and right click >> Run as Administrator.
Copy/Enter the command below and press Enter:
Code:
```
chkdsk C: /r
```
You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

Press the

+ R on your keyboard at the same time. Type eventvwr and click OK.
In the left panel, expand Windows Logs and then click on Application.
Now, on the right side, click on Filter Current Log.
Under Event Sources, check only Wininit and click OK.
Now you'll be presented with one or multiple Wininit logs.
Click on an entry corresponding to the date and time of the disk check.
On the top main menu, click Action > Copy > Copy Details as Text.
Paste the contents into your next reply.

skibumm100 · Oct 23, 2016

Thanks for picking up the case TwinHeadedEagle.

Here's the check disk log:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 10/23/2016 9:56:57 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Desktop
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows7_OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
320000 file records processed.

File verification completed.
917 large file records processed.

0 bad file records processed.

2 EA records processed.

94 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
389292 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
320000 file SDs/SIDs processed.

Cleaning up 1898 unused index entries from index $SII of file 0x9.
Cleaning up 1898 unused index entries from index $SDH of file 0x9.
Cleaning up 1898 unused security descriptors.
Security descriptor verification completed.
34647 data files processed.

CHKDSK is verifying Usn Journal...
40986072 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
319984 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
92815538 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

472512511 KB total disk space.
100694004 KB in 149249 files.
111644 KB in 34648 indexes.
0 KB in bad sectors.
444707 KB in use by the system.
65536 KB occupied by the log file.
371262156 KB available on disk.

4096 bytes in each allocation unit.
118128127 total allocation units on disk.
92815539 allocation units available on disk.

Internal Info:
00 e2 04 00 63 ce 02 00 16 27 05 00 00 00 00 00 ....c....'......
21 08 00 00 5e 00 00 00 00 00 00 00 00 00 00 00 !...^...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-10-24T01:56:57.000000000Z" />
<EventRecordID>37281</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Desktop</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows7_OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
320000 file records processed.

File verification completed.
917 large file records processed.

0 bad file records processed.

2 EA records processed.

94 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
389292 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
320000 file SDs/SIDs processed.

Cleaning up 1898 unused index entries from index $SII of file 0x9.
Cleaning up 1898 unused index entries from index $SDH of file 0x9.
Cleaning up 1898 unused security descriptors.
Security descriptor verification completed.
34647 data files processed.

CHKDSK is verifying Usn Journal...
40986072 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
319984 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
92815538 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

472512511 KB total disk space.
100694004 KB in 149249 files.
111644 KB in 34648 indexes.
0 KB in bad sectors.
444707 KB in use by the system.
65536 KB occupied by the log file.
371262156 KB available on disk.

4096 bytes in each allocation unit.
118128127 total allocation units on disk.
92815539 allocation units available on disk.

Internal Info:
00 e2 04 00 63 ce 02 00 16 27 05 00 00 00 00 00 ....c....'......
21 08 00 00 5e 00 00 00 00 00 00 00 00 00 00 00 !...^...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>

Hope this helps.....

TwinHeadedEagle · Oct 24, 2016

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition.txt option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

skibumm100 · Oct 24, 2016

Here ya go.....

The FRST log is a short one:

LastRegBack: 2016-10-23 11:34

==================== End of FRST.txt ============================

The Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Gregg (24-10-2016 04:41:10)
Running from C:\Users\Gregg\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-08-10 15:48:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1075821121-420814958-1993860820-500 - Administrator - Disabled)
Danny (S-1-5-21-1075821121-420814958-1993860820-1008 - Limited - Enabled) => C:\Users\Danny
Gregg (S-1-5-21-1075821121-420814958-1993860820-1000 - Administrator - Enabled) => C:\Users\Gregg
Guest (S-1-5-21-1075821121-420814958-1993860820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1075821121-420814958-1993860820-1002 - Limited - Enabled)
Sam (S-1-5-21-1075821121-420814958-1993860820-1007 - Limited - Enabled) => C:\Users\Sam
Tracie (S-1-5-21-1075821121-420814958-1993860820-1006 - Administrator - Enabled) => C:\Users\Tracie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.70.0000 - Intel(R) Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.40.0001 - Lenovo Group Limited)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
Sure Cuts A Lot Pro 3.059 (HKLM-x32\...\Sure Cuts A Lot 3 Pro_is1) (Version: - Craft Edge)
Sure Cuts A Lot Pro 4.018 (HKLM-x32\...\Sure Cuts A Lot 4 Pro_is1) (Version: - Craft Edge)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.30.0 - Lenovo)
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0329 - Lenovo)
View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Windows Driver Package - Intel Corporation (igfx) Display (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows Driver Package - Intel hdc (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (HKLM\...\88CB7AA478955801F99FBF6D2BCF739BEB87A7F3) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)
Windows Driver Package - USCutter Printer (06/05/2013 6.10.00.00) (HKLM\...\BFB0583D91751D3AE3269361E5E5640FD085A8BD) (Version: 06/05/2013 6.10.00.00 - USCutter)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.133 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018ABB0D-1399-47B9-90A5-3A2821BC415B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {0643C391-21B5-463D-A812-7361B7AAFF96} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-14] (AVAST Software)
Task: {21F25E3C-3CF6-473D-AD00-668B533E23F7} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9a04ad0d8bd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {28C17811-A1D3-4EBE-A623-4296AB34898E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {2969E9CB-3EFB-4840-9973-EBD3391A39CF} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {42BCC1E4-E859-407E-A85E-3A2545A583FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {5C74CD5B-9CC0-4F20-9613-A9EAA16801BB} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Desktop.Tracie => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {5DD8BA87-AB26-4CCF-91D7-FF0BDB63C2DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6B4E0CEF-F8E3-49EE-B180-013723CC5439} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9a04b0975c1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {79AFF3E0-A380-4D61-B0AF-818373518F34} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {7BE2E53B-E28D-4E6C-B477-90F782EA2EEA} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2015-03-13] (Lenovo Group Limited)
Task: {7F7AD088-DAEE-4B59-B976-4E0CE2F6EF94} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {7FBADBDC-DA0D-43A1-BEB3-ED34417A18C4} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Desktop.Gregg => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {8938C1B5-8F71-4E02-82B1-0AAF392FCA1A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {8E45E960-9322-4E0A-862F-C435DAC5EE12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {96EE4EF5-9FF6-4943-A210-FAD03A96E6AF} - System32\Tasks\SafeZone scheduled Autoupdate 1461164679 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B58D5023-57C7-4125-B0E3-31A02B41A40F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {B7501F25-9238-4B99-8672-60AD59D5A88E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {B7A8AB88-25DA-4964-A100-223C1B865CC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {C3D91A5E-F5BB-4AF4-BC8D-3DC2FC7D687B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {C4A052DC-0560-4DEE-9745-A3FD7989F48E} - System32\Tasks\{936CADE8-B331-4107-92E2-1CAD683B5F8F} => C:\Program Files (x86)\Adobe\Photoshop 6.0\Photoshp.exe [2013-08-10] (Adobe Systems, Incorporated)
Task: {CA3BF145-5A51-47D6-AC8D-66B74AD303D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D5450CD3-E085-472A-9F22-9DBE53B71C07} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {DC824F79-BC91-4E40-A6E5-04361D8736DE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e9a04ad0d8bd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e9a04b0975c1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Gregg\Documents\WD 1TB Hard Disc Instructions\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader/

==================== Loaded Modules (Whitelisted) ==============

2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2012-05-24 02:04 - 2012-05-24 02:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2016-10-22 19:22 - 2016-10-22 19:22 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-05-13 18:21 - 2012-03-19 03:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-05-24 15:40 - 2015-03-13 13:59 - 00035584 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2016-05-14 11:16 - 2016-05-14 11:16 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-14 11:16 - 2016-05-14 11:16 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-20 10:38 - 2016-10-20 10:38 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102000\algo.dll
2016-05-14 11:16 - 2016-05-14 11:16 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-14 11:16 - 2016-05-14 11:16 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-04-20 10:52 - 2016-04-20 10:52 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-05-12 03:52 - 2016-05-12 03:52 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2013-05-13 18:35 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-05-13 18:33 - 2011-12-15 22:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gregg\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CC66B248-AB88-4E33-9BA2-7982C8B00370}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{48B3AD3E-0951-4565-BB1F-E89D65BB154A}] => (Allow) LPort=2869
FirewallRules: [{2A5CC059-E2B7-4A3C-B897-49516F478909}] => (Allow) LPort=1900
FirewallRules: [{03B568EE-4C24-4134-869E-9DCE3AFF2CC2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B7156865-9D74-4732-9E97-706F7BC3FC24}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{FBF16CEF-BE24-4798-A928-1632243FDD98}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{E87A58D8-8DC4-4528-8B6C-AC1CE2AB7574}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{B4684E96-524A-497B-8FFC-ACFCDC93393D}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{DC6D32BD-5FA8-4864-B0FD-2C86B808B7E7}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{F85FC0BC-677B-428C-B570-B9D7AB9F8F52}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C8E0F64C-E97A-44D2-BD89-DF71979F2EE0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{0C72DF24-765E-431D-8A0B-4E7F22DAB263}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C92A1C3E-7A57-49B2-AF7A-24149AAD37C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6893775C-A4B3-4CED-98B7-3230F2CFF8BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{263CB1DB-5BF9-4548-B478-16768AC3D705}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{29AA7F43-0374-4050-955C-5204AAD4DA88}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{72B69494-5864-4F06-991C-474FD3D224A2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F5D3A7F7-9766-4022-8A03-4EC700F3F421}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E36C4329-578C-4A7B-ACA2-78F864CBEC2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D19DA5F0-90E2-4B7F-9075-DBA29636F9EB}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{CC1895BB-1539-4022-9106-11F864684D5A}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{9B320C43-AA48-4D68-A7DF-656FC817EAA7}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{835DE8D0-C4E6-47F8-8F76-8F664B95691E}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

==================== Restore Points =========================

16-09-2016 03:00:40 Windows Update
20-09-2016 08:38:31 Windows Update
22-09-2016 03:00:23 Windows Update
27-09-2016 10:40:37 Windows Update
30-09-2016 12:35:27 Windows Update
04-10-2016 10:39:52 Windows Update
10-10-2016 13:59:10 Windows Update
11-10-2016 20:47:19 Windows Update
16-10-2016 13:49:19 Windows Update
22-10-2016 13:31:24 JRT Pre-Junkware Removal
22-10-2016 18:52:04 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2016 04:34:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/23/2016 09:56:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/23/2016 08:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/23/2016 10:43:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 09:07:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 06:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x418
Faulting application start time: 0x01d22c9d3ce4e9cc
Faulting application path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Faulting module path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Report Id: 56f68d37-98aa-11e6-bcf7-7427ea65c8b8

Error: (10/22/2016 03:48:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 02:09:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 01:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x4c8
Faulting application start time: 0x01d22c89e2b444ea
Faulting application path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Faulting module path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Report Id: b4bf65e6-987d-11e6-9f2e-7427ea65c8b8

Error: (10/22/2016 01:30:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (10/24/2016 04:35:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2016 09:57:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2016 08:14:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2016 12:48:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 10:49:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/23/2016 10:43:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 52%
Total physical RAM: 3917.78 MB
Available physical RAM: 1863.73 MB
Total Virtual: 7833.75 MB
Available Virtual: 5620.48 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:354.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (USB30FD) (Removable) (Total:58.87 GB) (Free:51.52 GB) exFAT
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 30385182)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 58.9 GB) (Disk ID: F355DA4B)
Partition 1: (Not Active) - (Size=58.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

TwinHeadedEagle · Oct 24, 2016

Can you attach both reports?

skibumm100 · Oct 24, 2016

Well I kinda did, but I think I made a copy/paste error and only got the tail end of the FRST report. It (or the remnants of it) are at the top of the post. If that's not the whole thing, I will need to walk someone through emailing it to me or having my son post it to the thread. I'm not in front of that computer for a bit.

skibumm100 · Oct 24, 2016

OK, I had my wife rerun the scans and here are the results. Sorry about the previous one....my bad.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Gregg (administrator) on DESKTOP (24-10-2016 19:12:27)
Running from C:\Users\Gregg\Desktop
Loaded Profiles: Gregg (Available Profiles: Gregg & Tracie & Sam & Danny)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\instup.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-07-13] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27392 2015-03-13] ()
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\MountPoints2: {211a15c6-bc1c-11e2-9931-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Magnify.exe [652800 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2013-08-10]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1008\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1007\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{04175B5E-002F-4C87-B1FF-8266814B0F32}: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1075821121-420814958-1993860820-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Gregg\AppData\Roaming\Mozilla\Firefox\Profiles\xtzj8u4d.default-1477166576127 [2016-10-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [VIP4X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-13] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR Profile: C:\Users\Gregg\AppData\Local\Google\Chrome\User Data\Default [2016-10-22]
CHR Extension: (avast! Online Security) - C:\Users\Gregg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-22]
CHR Extension: (Google Wallet) - C:\Users\Gregg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR HKU\S-1-5-21-1075821121-420814958-1993860820-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-05-14] (Avast Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2016-10-22] (SurfRight B.V.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63744 2015-03-13] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186624 2015-03-13] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-04-20] (AVAST Software)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-17] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-06-17] (Acronis International GmbH)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-05-14] (Avast Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-17] (Acronis International GmbH)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-10-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-22] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 19:12 - 2016-10-24 19:12 - 00020250 _____ C:\Users\Gregg\Desktop\FRST.txt
2016-10-24 04:43 - 2016-10-24 04:43 - 00000102 _____ C:\Users\Gregg\Desktop\FRST2.txt
2016-10-24 04:41 - 2016-10-24 04:43 - 00039570 _____ C:\Users\Gregg\Desktop\Addition2.txt
2016-10-23 22:09 - 2016-10-23 22:09 - 00004418 _____ C:\Users\Gregg\Desktop\CheckDisk log.odt
2016-10-23 12:56 - 2016-10-23 12:56 - 00002346 _____ C:\Users\Gregg\Desktop\aswMBR.txt
2016-10-23 12:56 - 2016-10-23 12:56 - 00000512 _____ C:\Users\Gregg\Desktop\MBR.dat
2016-10-23 12:48 - 2016-10-23 12:44 - 05198336 _____ (AVAST Software) C:\Users\Gregg\Desktop\aswMBR.exe
2016-10-23 12:31 - 2016-10-24 04:41 - 00067827 _____ C:\Users\Gregg\Desktop\FRST1.txt
2016-10-23 12:31 - 2016-10-23 12:32 - 00038847 _____ C:\Users\Gregg\Desktop\Addition1.txt
2016-10-23 12:30 - 2016-10-24 19:12 - 00000000 ____D C:\FRST
2016-10-23 12:30 - 2016-10-23 12:28 - 02407424 _____ (Farbar) C:\Users\Gregg\Desktop\FRST64.exe
2016-10-22 21:03 - 2016-10-22 21:03 - 00000770 _____ C:\Users\Gregg\Desktop\MTB.txt
2016-10-22 19:23 - 2016-10-24 19:12 - 00078947 _____ C:\Windows\ZAM.krnl.trace
2016-10-22 19:23 - 2016-10-24 19:12 - 00038594 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-10-22 19:22 - 2016-10-22 19:22 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-10-22 19:22 - 2016-10-22 19:22 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-10-22 19:22 - 2016-10-22 19:22 - 00001159 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-10-22 19:22 - 2016-10-22 19:22 - 00000000 ____D C:\Users\Gregg\AppData\Local\Zemana
2016-10-22 19:22 - 2016-10-22 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-10-22 19:22 - 2016-10-22 19:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-10-22 18:54 - 2016-10-22 18:56 - 00002050 _____ C:\Users\Gregg\Desktop\Rkill.txt
2016-10-22 18:54 - 2016-10-22 18:54 - 00002531 _____ C:\Users\Gregg\Desktop\JRT2.txt
2016-10-22 18:48 - 2016-10-22 17:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Gregg\Desktop\rkill.exe
2016-10-22 18:48 - 2016-10-22 17:04 - 00892416 _____ (Farbar) C:\Users\Gregg\Desktop\MiniToolBox.exe
2016-10-22 18:48 - 2016-10-22 16:50 - 05363600 _____ ( ) C:\Users\Gregg\Desktop\Zemana.AntiMalware.Setup.exe
2016-10-22 17:40 - 2016-10-22 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-10-22 15:11 - 2016-10-22 17:40 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-22 15:07 - 2016-10-22 15:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-22 13:38 - 2016-10-22 18:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-22 13:37 - 2016-10-22 13:37 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-22 13:37 - 2016-10-22 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-22 13:37 - 2016-10-22 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-22 13:37 - 2016-10-22 13:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-22 13:37 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-22 13:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-22 13:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-22 13:35 - 2016-10-22 18:54 - 00002531 _____ C:\Users\Gregg\Desktop\JRT.txt
2016-10-22 13:23 - 2016-10-22 13:28 - 00000000 ____D C:\AdwCleaner
2016-10-22 13:22 - 2016-10-22 13:17 - 09741664 _____ (SurfRight B.V.) C:\Users\Gregg\Desktop\HitmanPro_x64.exe
2016-10-22 13:22 - 2016-10-22 13:16 - 22851472 _____ (Malwarebytes ) C:\Users\Gregg\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-22 13:22 - 2016-10-22 13:14 - 01631928 _____ (Malwarebytes) C:\Users\Gregg\Desktop\JRT.exe
2016-10-22 13:22 - 2016-10-22 13:11 - 03910208 _____ C:\Users\Gregg\Desktop\adwcleaner_6.030.exe
2016-10-20 10:16 - 2016-10-20 10:16 - 00000000 ____H C:\Users\Tracie\AppData\Local\BITC84D.tmp
2016-10-20 10:15 - 2016-10-20 10:15 - 00000000 _____ C:\Users\Tracie\AppData\Local\{3783B7E6-30B8-4310-94B2-9CA51388D5F4}
2016-10-11 20:46 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 20:46 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-11 20:46 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-11 20:46 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 20:46 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 20:46 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 20:46 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 20:46 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-11 20:46 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-11 20:46 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-11 20:46 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 20:46 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 20:46 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 20:46 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 20:46 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-11 20:46 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 20:46 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-11 20:46 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-11 20:46 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-11 20:46 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-11 20:46 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 20:46 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 20:46 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 20:46 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 20:46 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 20:46 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 20:46 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 20:46 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 20:46 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 20:46 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 20:46 - 2016-08-16 14:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-11 20:46 - 2016-08-16 14:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-11 20:46 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 20:46 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 20:46 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 20:46 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 20:46 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-11 20:46 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 20:46 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-11 20:46 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 20:46 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 20:46 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 20:46 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-11 20:46 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 20:45 - 2016-09-30 16:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 20:45 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-11 20:45 - 2016-09-30 02:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-11 20:45 - 2016-09-30 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-11 20:45 - 2016-09-30 02:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-11 20:45 - 2016-09-30 02:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-11 20:45 - 2016-09-30 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-11 20:45 - 2016-09-30 02:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-11 20:45 - 2016-09-30 02:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-11 20:45 - 2016-09-30 02:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-11 20:45 - 2016-09-30 02:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-11 20:45 - 2016-09-30 02:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-11 20:45 - 2016-09-30 02:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-11 20:45 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 20:45 - 2016-09-30 02:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-11 20:45 - 2016-09-30 02:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-11 20:45 - 2016-09-30 02:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-11 20:45 - 2016-09-30 01:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-11 20:45 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-11 20:45 - 2016-09-30 01:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-11 20:45 - 2016-09-30 01:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-11 20:45 - 2016-09-30 01:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-11 20:45 - 2016-09-30 01:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-11 20:45 - 2016-09-30 01:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-11 20:45 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-11 20:45 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-11 20:45 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-11 20:45 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-11 20:45 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-11 20:45 - 2016-09-30 01:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-11 20:45 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-11 20:45 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 20:45 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-11 20:45 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-11 20:45 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-11 20:45 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-11 20:45 - 2016-09-30 01:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-11 20:45 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-11 20:45 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-11 20:45 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-11 20:45 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-11 20:45 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-11 20:45 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-11 20:45 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-11 20:45 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-11 20:45 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-11 20:45 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-11 20:45 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 20:45 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-11 20:45 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-11 20:45 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 20:45 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-11 20:45 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-11 20:45 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-11 20:45 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-11 20:45 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-11 20:45 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-11 20:45 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-11 20:45 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-11 20:45 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-11 20:45 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-11 20:45 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-11 20:45 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 20:45 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 20:45 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-11 20:45 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-11 20:45 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-11 20:45 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-11 20:45 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-11 20:45 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-11 20:45 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-11 20:45 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-11 20:45 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-11 20:45 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-11 20:45 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-11 20:45 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 20:45 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 20:45 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 20:45 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-11 20:45 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-11 20:45 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-11 20:45 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 20:45 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 20:45 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-11 20:45 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 20:45 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-11 20:45 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-11 20:45 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 20:45 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 20:45 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-11 20:45 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-11 20:45 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 20:45 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-11 20:44 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 20:44 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 20:44 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 20:44 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 20:44 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-11 20:44 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-11 20:44 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-11 20:44 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-11 20:44 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 20:44 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 20:44 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-11 20:43 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 20:43 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-03 09:55 - 2016-10-03 09:55 - 00025356 _____ C:\Users\Tracie\Downloads\dancing-script-ot.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 19:09 - 2016-07-29 09:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e9a04b0975c1.job
2016-10-24 19:09 - 2016-07-29 09:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e9a04ad0d8bd.job
2016-10-24 05:03 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-24 05:03 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-24 04:37 - 2014-06-23 11:29 - 00000000 ___RD C:\Users\Gregg\Sync
2016-10-24 04:36 - 2013-08-10 11:48 - 00000000 ____D C:\Users\Gregg
2016-10-24 04:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-23 13:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-10-23 12:31 - 2009-07-14 01:13 - 00782010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-23 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-22 18:26 - 2013-10-29 07:49 - 00037888 ___SH C:\Users\Tracie\Thumbs.db
2016-10-22 16:02 - 2016-04-18 13:14 - 00000000 ____D C:\Users\Gregg\Desktop\Old Firefox Data
2016-10-22 14:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system
2016-10-22 12:30 - 2013-08-10 13:48 - 00000000 ____D C:\Users\Gregg\AppData\Local\ElevatedDiagnostics
2016-10-22 12:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-21 09:28 - 2013-08-11 08:34 - 00000000 ____D C:\Users\Tracie\AppData\LocalLow\VeriSign
2016-10-17 13:34 - 2016-06-18 22:12 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\Skype
2016-10-17 13:25 - 2014-03-18 17:00 - 00000000 ____D C:\Users\Tracie\AppData\Local\ElevatedDiagnostics
2016-10-17 13:10 - 2016-06-18 22:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-17 13:10 - 2014-10-19 10:33 - 00000000 ____D C:\ProgramData\Skype
2016-10-17 13:06 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-17 13:05 - 2013-09-13 08:15 - 00000000 ___RD C:\Users\Tracie\Virtual Machines
2016-10-17 13:05 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-16 13:46 - 2013-08-18 13:54 - 00000000 ___RD C:\Users\Gregg\Virtual Machines
2016-10-16 13:46 - 2013-08-10 11:50 - 00106016 _____ C:\Users\Gregg\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-16 13:44 - 2009-07-14 00:45 - 00407440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-16 13:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-16 13:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-16 13:41 - 2014-12-11 18:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-16 13:41 - 2014-05-02 09:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-16 13:40 - 2013-08-11 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-16 13:40 - 2013-08-11 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 20:58 - 2013-11-21 20:41 - 00000000 ____D C:\Windows\system32\MRT
2016-10-11 20:51 - 2013-11-21 20:41 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 20:50 - 2013-08-11 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 20:32 - 2013-10-07 18:39 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\Nitro PDF
2016-10-06 12:40 - 2013-08-11 08:32 - 00106016 _____ C:\Users\Tracie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-04 10:57 - 2013-05-13 18:48 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-12-26 13:23 - 2016-05-26 00:26 - 0000291 _____ () C:\Users\Gregg\AppData\Roaming\WB.CFG
2015-03-21 11:23 - 2015-03-21 11:23 - 0274045 _____ () C:\Users\Gregg\AppData\Local\dsi1.dat
2015-03-21 11:23 - 2015-03-21 11:23 - 0161916 _____ () C:\Users\Gregg\AppData\Local\dsi2.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-23 11:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Gregg (24-10-2016 19:13:20)
Running from C:\Users\Gregg\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-08-10 15:48:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1075821121-420814958-1993860820-500 - Administrator - Disabled)
Danny (S-1-5-21-1075821121-420814958-1993860820-1008 - Limited - Enabled) => C:\Users\Danny
Gregg (S-1-5-21-1075821121-420814958-1993860820-1000 - Administrator - Enabled) => C:\Users\Gregg
Guest (S-1-5-21-1075821121-420814958-1993860820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1075821121-420814958-1993860820-1002 - Limited - Enabled)
Sam (S-1-5-21-1075821121-420814958-1993860820-1007 - Limited - Enabled) => C:\Users\Sam
Tracie (S-1-5-21-1075821121-420814958-1993860820-1006 - Administrator - Enabled) => C:\Users\Tracie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.70.0000 - Intel(R) Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.40.0001 - Lenovo Group Limited)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
Sure Cuts A Lot Pro 3.059 (HKLM-x32\...\Sure Cuts A Lot 3 Pro_is1) (Version: - Craft Edge)
Sure Cuts A Lot Pro 4.018 (HKLM-x32\...\Sure Cuts A Lot 4 Pro_is1) (Version: - Craft Edge)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.30.0 - Lenovo)
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0329 - Lenovo)
View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Windows Driver Package - Intel Corporation (igfx) Display (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows Driver Package - Intel hdc (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (HKLM\...\88CB7AA478955801F99FBF6D2BCF739BEB87A7F3) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)
Windows Driver Package - USCutter Printer (06/05/2013 6.10.00.00) (HKLM\...\BFB0583D91751D3AE3269361E5E5640FD085A8BD) (Version: 06/05/2013 6.10.00.00 - USCutter)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.133 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018ABB0D-1399-47B9-90A5-3A2821BC415B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {0643C391-21B5-463D-A812-7361B7AAFF96} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-14] (AVAST Software)
Task: {21F25E3C-3CF6-473D-AD00-668B533E23F7} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9a04ad0d8bd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {28C17811-A1D3-4EBE-A623-4296AB34898E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {2969E9CB-3EFB-4840-9973-EBD3391A39CF} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {42BCC1E4-E859-407E-A85E-3A2545A583FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {5C74CD5B-9CC0-4F20-9613-A9EAA16801BB} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Desktop.Tracie => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {5DD8BA87-AB26-4CCF-91D7-FF0BDB63C2DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6B4E0CEF-F8E3-49EE-B180-013723CC5439} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9a04b0975c1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {79AFF3E0-A380-4D61-B0AF-818373518F34} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {7BE2E53B-E28D-4E6C-B477-90F782EA2EEA} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2015-03-13] (Lenovo Group Limited)
Task: {7F7AD088-DAEE-4B59-B976-4E0CE2F6EF94} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {7FBADBDC-DA0D-43A1-BEB3-ED34417A18C4} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Desktop.Gregg => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {8938C1B5-8F71-4E02-82B1-0AAF392FCA1A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {8E45E960-9322-4E0A-862F-C435DAC5EE12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {96EE4EF5-9FF6-4943-A210-FAD03A96E6AF} - System32\Tasks\SafeZone scheduled Autoupdate 1461164679 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B58D5023-57C7-4125-B0E3-31A02B41A40F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {B7501F25-9238-4B99-8672-60AD59D5A88E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {B7A8AB88-25DA-4964-A100-223C1B865CC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {C3D91A5E-F5BB-4AF4-BC8D-3DC2FC7D687B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {C4A052DC-0560-4DEE-9745-A3FD7989F48E} - System32\Tasks\{936CADE8-B331-4107-92E2-1CAD683B5F8F} => C:\Program Files (x86)\Adobe\Photoshop 6.0\Photoshp.exe [2013-08-10] (Adobe Systems, Incorporated)
Task: {CA3BF145-5A51-47D6-AC8D-66B74AD303D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D5450CD3-E085-472A-9F22-9DBE53B71C07} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {DC824F79-BC91-4E40-A6E5-04361D8736DE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e9a04ad0d8bd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e9a04b0975c1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Gregg\Documents\WD 1TB Hard Disc Instructions\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader/

==================== Loaded Modules (Whitelisted) ==============

2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2012-05-24 02:04 - 2012-05-24 02:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2016-10-22 19:22 - 2016-10-22 19:22 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-05-13 18:21 - 2012-03-19 03:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-05-24 15:40 - 2015-03-13 13:59 - 00035584 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2016-05-14 11:16 - 2016-05-14 11:16 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-14 11:16 - 2016-05-14 11:16 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-20 10:38 - 2016-10-20 10:38 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102000\algo.dll
2016-05-14 11:16 - 2016-05-14 11:16 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-14 11:16 - 2016-05-14 11:16 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-05-13 18:48 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-04-20 10:52 - 2016-04-20 10:52 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-05-12 03:52 - 2016-05-12 03:52 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2013-05-13 18:35 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-05-13 18:33 - 2011-12-15 22:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gregg\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CC66B248-AB88-4E33-9BA2-7982C8B00370}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{48B3AD3E-0951-4565-BB1F-E89D65BB154A}] => (Allow) LPort=2869
FirewallRules: [{2A5CC059-E2B7-4A3C-B897-49516F478909}] => (Allow) LPort=1900
FirewallRules: [{03B568EE-4C24-4134-869E-9DCE3AFF2CC2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B7156865-9D74-4732-9E97-706F7BC3FC24}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{FBF16CEF-BE24-4798-A928-1632243FDD98}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{E87A58D8-8DC4-4528-8B6C-AC1CE2AB7574}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{B4684E96-524A-497B-8FFC-ACFCDC93393D}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{DC6D32BD-5FA8-4864-B0FD-2C86B808B7E7}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{F85FC0BC-677B-428C-B570-B9D7AB9F8F52}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C8E0F64C-E97A-44D2-BD89-DF71979F2EE0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{0C72DF24-765E-431D-8A0B-4E7F22DAB263}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C92A1C3E-7A57-49B2-AF7A-24149AAD37C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6893775C-A4B3-4CED-98B7-3230F2CFF8BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{263CB1DB-5BF9-4548-B478-16768AC3D705}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{29AA7F43-0374-4050-955C-5204AAD4DA88}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{72B69494-5864-4F06-991C-474FD3D224A2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F5D3A7F7-9766-4022-8A03-4EC700F3F421}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E36C4329-578C-4A7B-ACA2-78F864CBEC2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D19DA5F0-90E2-4B7F-9075-DBA29636F9EB}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{CC1895BB-1539-4022-9106-11F864684D5A}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{9B320C43-AA48-4D68-A7DF-656FC817EAA7}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{835DE8D0-C4E6-47F8-8F76-8F664B95691E}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

==================== Restore Points =========================

16-09-2016 03:00:40 Windows Update
20-09-2016 08:38:31 Windows Update
22-09-2016 03:00:23 Windows Update
27-09-2016 10:40:37 Windows Update
30-09-2016 12:35:27 Windows Update
04-10-2016 10:39:52 Windows Update
10-10-2016 13:59:10 Windows Update
11-10-2016 20:47:19 Windows Update
16-10-2016 13:49:19 Windows Update
22-10-2016 13:31:24 JRT Pre-Junkware Removal
22-10-2016 18:52:04 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2016 04:34:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/23/2016 09:56:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/23/2016 08:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/23/2016 10:43:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 09:07:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 06:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x418
Faulting application start time: 0x01d22c9d3ce4e9cc
Faulting application path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Faulting module path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Report Id: 56f68d37-98aa-11e6-bcf7-7427ea65c8b8

Error: (10/22/2016 03:48:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 02:09:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 01:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x4c8
Faulting application start time: 0x01d22c89e2b444ea
Faulting application path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Faulting module path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Report Id: b4bf65e6-987d-11e6-9f2e-7427ea65c8b8

Error: (10/22/2016 01:30:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (10/24/2016 06:16:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the afcdpsrv service.

Error: (10/24/2016 04:35:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2016 09:57:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2016 08:14:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2016 12:48:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 12:48:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/23/2016 10:49:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 3917.78 MB
Available physical RAM: 2210.89 MB
Total Virtual: 7833.75 MB
Available Virtual: 5809.3 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:353.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 30385182)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

TwinHeadedEagle · Oct 25, 2016

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

skibumm100 · Oct 25, 2016

OK. Houston we have a problem. I think my son hit the Scan button and after the scan he hit the Fix button. Fixlist ran and restarted the computer. Now it has a black screen and says Missing Operating System.

TwinHeadedEagle · Oct 25, 2016

FRST couldn't do that, that must be something else. Can you check your hard drive cables or check if your hard drive is present in BIOS?

skibumm100 · Oct 25, 2016

Well, I don't know what to tell ya. I was on the phone with him when he ran the tools. I will probably have to dig deeper when I get home this weekend. I had my son restart it with the power button and hit F1 when the Lenovo screen came up to enter BIOS setup. I don't know where to look to see if the hard drive is present? I'll have to pull it apart to check the cables this weekend. Not at the computer right now.

TwinHeadedEagle · Oct 26, 2016

Okay, then let's do it over weekend.

skibumm100 · Oct 30, 2016

I'm baaaack, putting on my best Jack Nicholson crazy face. I can't explain it, and I won't try to, but I sat down at he computer, pushed the power button and it started up just like old times. It sounded a little crunchy when it first started so I may have a hard drive on it's way out. They just don't make them like they used to.

Any way, the FRST.txt and fixlog.txt files are pasted below. I'm pretty sure this is the correct FRST log based on the file date. Something odd I noticed on the desktop.....the file fixlog.txt was there but I could not find fixlist.txt. I asked my son if he dragged adropped from the flash drive to the desktop and he said he did. I gotta think it was there or it wouldn't have created fixlog.txt, correct? Should I rerun them?

EDIT: TOO MANY CHARACTERS TO POST BOTH LOGS TOGETHER. SECOND POST TO FOLLOW

FRST first:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Gregg (administrator) on DESKTOP (25-10-2016 17:08:34)
Running from C:\Users\Gregg\Desktop
Loaded Profiles: Gregg (Available Profiles: Gregg & Tracie & Sam & Danny)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Home\as_stat_report.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-07-13] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27392 2015-03-13] ()
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\MountPoints2: {211a15c6-bc1c-11e2-9931-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Magnify.exe [652800 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2013-08-10]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1008\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1007\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{04175B5E-002F-4C87-B1FF-8266814B0F32}: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1075821121-420814958-1993860820-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Gregg\AppData\Roaming\Mozilla\Firefox\Profiles\xtzj8u4d.default-1477166576127 [2016-10-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [VIP4X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-13] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR Profile: C:\Users\Gregg\AppData\Local\Google\Chrome\User Data\Default [2016-10-22]
CHR Extension: (avast! Online Security) - C:\Users\Gregg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-22]
CHR Extension: (Google Wallet) - C:\Users\Gregg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR HKU\S-1-5-21-1075821121-420814958-1993860820-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-05-14] (Avast Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2016-10-22] (SurfRight B.V.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63744 2015-03-13] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186624 2015-03-13] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-04-20] (AVAST Software)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-17] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-06-17] (Acronis International GmbH)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-05-14] (Avast Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-17] (Acronis International GmbH)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-10-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-22] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-25 17:08 - 2016-10-25 17:07 - 00071677 _____ C:\Users\Gregg\Desktop\fixlist.txt
2016-10-24 19:13 - 2016-10-24 19:13 - 00039030 _____ C:\Users\Gregg\Desktop\Addition.txt
2016-10-24 19:12 - 2016-10-25 17:08 - 00020198 _____ C:\Users\Gregg\Desktop\FRST.txt
2016-10-24 04:43 - 2016-10-24 04:43 - 00000102 _____ C:\Users\Gregg\Desktop\FRST2.txt
2016-10-24 04:41 - 2016-10-24 04:43 - 00039570 _____ C:\Users\Gregg\Desktop\Addition2.txt
2016-10-23 22:09 - 2016-10-23 22:09 - 00004418 _____ C:\Users\Gregg\Desktop\CheckDisk log.odt
2016-10-23 12:56 - 2016-10-23 12:56 - 00002346 _____ C:\Users\Gregg\Desktop\aswMBR.txt
2016-10-23 12:56 - 2016-10-23 12:56 - 00000512 _____ C:\Users\Gregg\Desktop\MBR.dat
2016-10-23 12:48 - 2016-10-23 12:44 - 05198336 _____ (AVAST Software) C:\Users\Gregg\Desktop\aswMBR.exe
2016-10-23 12:31 - 2016-10-24 04:41 - 00067827 _____ C:\Users\Gregg\Desktop\FRST1.txt
2016-10-23 12:31 - 2016-10-23 12:32 - 00038847 _____ C:\Users\Gregg\Desktop\Addition1.txt
2016-10-23 12:30 - 2016-10-25 17:08 - 00000000 ____D C:\FRST
2016-10-23 12:30 - 2016-10-23 12:28 - 02407424 _____ (Farbar) C:\Users\Gregg\Desktop\FRST64.exe
2016-10-22 21:03 - 2016-10-22 21:03 - 00000770 _____ C:\Users\Gregg\Desktop\MTB.txt
2016-10-22 19:23 - 2016-10-25 17:08 - 00137709 _____ C:\Windows\ZAM.krnl.trace
2016-10-22 19:23 - 2016-10-25 17:08 - 00097154 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-10-22 19:22 - 2016-10-22 19:22 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-10-22 19:22 - 2016-10-22 19:22 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-10-22 19:22 - 2016-10-22 19:22 - 00001159 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-10-22 19:22 - 2016-10-22 19:22 - 00000000 ____D C:\Users\Gregg\AppData\Local\Zemana
2016-10-22 19:22 - 2016-10-22 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-10-22 19:22 - 2016-10-22 19:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-10-22 18:54 - 2016-10-22 18:56 - 00002050 _____ C:\Users\Gregg\Desktop\Rkill.txt
2016-10-22 18:54 - 2016-10-22 18:54 - 00002531 _____ C:\Users\Gregg\Desktop\JRT2.txt
2016-10-22 18:48 - 2016-10-22 17:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Gregg\Desktop\rkill.exe
2016-10-22 18:48 - 2016-10-22 17:04 - 00892416 _____ (Farbar) C:\Users\Gregg\Desktop\MiniToolBox.exe
2016-10-22 18:48 - 2016-10-22 16:50 - 05363600 _____ ( ) C:\Users\Gregg\Desktop\Zemana.AntiMalware.Setup.exe
2016-10-22 17:40 - 2016-10-22 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-10-22 15:11 - 2016-10-22 17:40 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-22 15:07 - 2016-10-22 15:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-22 13:38 - 2016-10-22 18:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-22 13:37 - 2016-10-22 13:37 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-22 13:37 - 2016-10-22 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-22 13:37 - 2016-10-22 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-22 13:37 - 2016-10-22 13:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-22 13:37 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-22 13:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-22 13:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-22 13:35 - 2016-10-22 18:54 - 00002531 _____ C:\Users\Gregg\Desktop\JRT.txt
2016-10-22 13:23 - 2016-10-22 13:28 - 00000000 ____D C:\AdwCleaner
2016-10-22 13:22 - 2016-10-22 13:17 - 09741664 _____ (SurfRight B.V.) C:\Users\Gregg\Desktop\HitmanPro_x64.exe
2016-10-22 13:22 - 2016-10-22 13:16 - 22851472 _____ (Malwarebytes ) C:\Users\Gregg\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-22 13:22 - 2016-10-22 13:14 - 01631928 _____ (Malwarebytes) C:\Users\Gregg\Desktop\JRT.exe
2016-10-22 13:22 - 2016-10-22 13:11 - 03910208 _____ C:\Users\Gregg\Desktop\adwcleaner_6.030.exe
2016-10-20 10:16 - 2016-10-20 10:16 - 00000000 ____H C:\Users\Tracie\AppData\Local\BITC84D.tmp
2016-10-20 10:15 - 2016-10-20 10:15 - 00000000 _____ C:\Users\Tracie\AppData\Local\{3783B7E6-30B8-4310-94B2-9CA51388D5F4}
2016-10-11 20:46 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 20:46 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-11 20:46 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-11 20:46 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 20:46 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 20:46 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 20:46 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 20:46 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-11 20:46 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-11 20:46 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-11 20:46 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 20:46 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 20:46 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 20:46 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 20:46 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-11 20:46 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 20:46 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-11 20:46 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-11 20:46 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-11 20:46 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-11 20:46 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 20:46 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 20:46 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 20:46 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 20:46 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 20:46 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 20:46 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 20:46 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 20:46 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 20:46 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 20:46 - 2016-08-16 14:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-11 20:46 - 2016-08-16 14:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-11 20:46 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 20:46 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 20:46 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 20:46 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 20:46 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 20:46 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-11 20:46 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-11 20:46 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 20:46 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-11 20:46 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 20:46 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 20:46 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 20:46 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 20:46 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-11 20:46 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-11 20:46 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 20:45 - 2016-09-30 16:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 20:45 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-11 20:45 - 2016-09-30 02:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-11 20:45 - 2016-09-30 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-11 20:45 - 2016-09-30 02:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-11 20:45 - 2016-09-30 02:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-11 20:45 - 2016-09-30 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-11 20:45 - 2016-09-30 02:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-11 20:45 - 2016-09-30 02:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-11 20:45 - 2016-09-30 02:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-11 20:45 - 2016-09-30 02:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-11 20:45 - 2016-09-30 02:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-11 20:45 - 2016-09-30 02:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-11 20:45 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 20:45 - 2016-09-30 02:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-11 20:45 - 2016-09-30 02:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-11 20:45 - 2016-09-30 02:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-11 20:45 - 2016-09-30 01:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-11 20:45 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-11 20:45 - 2016-09-30 01:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-11 20:45 - 2016-09-30 01:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-11 20:45 - 2016-09-30 01:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-11 20:45 - 2016-09-30 01:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-11 20:45 - 2016-09-30 01:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-11 20:45 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-11 20:45 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-11 20:45 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-11 20:45 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-11 20:45 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-11 20:45 - 2016-09-30 01:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-11 20:45 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-11 20:45 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 20:45 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-11 20:45 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-11 20:45 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-11 20:45 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-11 20:45 - 2016-09-30 01:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-11 20:45 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-11 20:45 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-11 20:45 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-11 20:45 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-11 20:45 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-11 20:45 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-11 20:45 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-11 20:45 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-11 20:45 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-11 20:45 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-11 20:45 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 20:45 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-11 20:45 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-11 20:45 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 20:45 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-11 20:45 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-11 20:45 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-11 20:45 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-11 20:45 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-11 20:45 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-11 20:45 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-11 20:45 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-11 20:45 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-11 20:45 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-11 20:45 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-11 20:45 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-11 20:45 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-11 20:45 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 20:45 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 20:45 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-11 20:45 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-11 20:45 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-11 20:45 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-11 20:45 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-11 20:45 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-11 20:45 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-11 20:45 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-11 20:45 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-11 20:45 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-11 20:45 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-11 20:45 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 20:45 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 20:45 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-11 20:45 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 20:45 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 20:45 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 20:45 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-11 20:45 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-11 20:45 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-11 20:45 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 20:45 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 20:45 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-11 20:45 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 20:45 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-11 20:45 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 20:45 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-11 20:45 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-11 20:45 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 20:45 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 20:45 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-11 20:45 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-11 20:45 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 20:45 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-11 20:44 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 20:44 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 20:44 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 20:44 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 20:44 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 20:44 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-11 20:44 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-11 20:44 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-11 20:44 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-11 20:44 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 20:44 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 20:44 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-11 20:44 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-11 20:43 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 20:43 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-03 09:55 - 2016-10-03 09:55 - 00025356 _____ C:\Users\Tracie\Downloads\dancing-script-ot.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-25 16:56 - 2016-07-29 09:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e9a04b0975c1.job
2016-10-25 15:56 - 2016-07-29 09:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e9a04ad0d8bd.job
2016-10-24 19:18 - 2009-07-14 01:13 - 00782010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-24 19:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-24 05:03 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-24 05:03 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-24 04:37 - 2014-06-23 11:29 - 00000000 ___RD C:\Users\Gregg\Sync
2016-10-24 04:36 - 2013-08-10 11:48 - 00000000 ____D C:\Users\Gregg
2016-10-24 04:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-23 13:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-10-22 18:26 - 2013-10-29 07:49 - 00037888 ___SH C:\Users\Tracie\Thumbs.db
2016-10-22 16:02 - 2016-04-18 13:14 - 00000000 ____D C:\Users\Gregg\Desktop\Old Firefox Data
2016-10-22 14:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system
2016-10-22 12:30 - 2013-08-10 13:48 - 00000000 ____D C:\Users\Gregg\AppData\Local\ElevatedDiagnostics
2016-10-22 12:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-21 09:28 - 2013-08-11 08:34 - 00000000 ____D C:\Users\Tracie\AppData\LocalLow\VeriSign
2016-10-17 13:34 - 2016-06-18 22:12 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\Skype
2016-10-17 13:25 - 2014-03-18 17:00 - 00000000 ____D C:\Users\Tracie\AppData\Local\ElevatedDiagnostics
2016-10-17 13:10 - 2016-06-18 22:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-17 13:10 - 2014-10-19 10:33 - 00000000 ____D C:\ProgramData\Skype
2016-10-17 13:06 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-17 13:05 - 2013-09-13 08:15 - 00000000 ___RD C:\Users\Tracie\Virtual Machines
2016-10-17 13:05 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-16 13:46 - 2013-08-18 13:54 - 00000000 ___RD C:\Users\Gregg\Virtual Machines
2016-10-16 13:46 - 2013-08-10 11:50 - 00106016 _____ C:\Users\Gregg\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-16 13:44 - 2009-07-14 00:45 - 00407440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-16 13:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-16 13:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-16 13:41 - 2014-12-11 18:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-16 13:41 - 2014-05-02 09:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-16 13:40 - 2013-08-11 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-16 13:40 - 2013-08-11 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 20:58 - 2013-11-21 20:41 - 00000000 ____D C:\Windows\system32\MRT
2016-10-11 20:51 - 2013-11-21 20:41 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 20:50 - 2013-08-11 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 20:32 - 2013-10-07 18:39 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\Nitro PDF
2016-10-06 12:40 - 2013-08-11 08:32 - 00106016 _____ C:\Users\Tracie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-04 10:57 - 2013-05-13 18:48 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-12-26 13:23 - 2016-05-26 00:26 - 0000291 _____ () C:\Users\Gregg\AppData\Roaming\WB.CFG
2015-03-21 11:23 - 2015-03-21 11:23 - 0274045 _____ () C:\Users\Gregg\AppData\Local\dsi1.dat
2015-03-21 11:23 - 2015-03-21 11:23 - 0161916 _____ () C:\Users\Gregg\AppData\Local\dsi2.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-25 10:29

==================== End of FRST.txt ============================

***************************************************************************************************************************************************************************

FIXLOG.TXT TO FOLLOW IN NEXT POST

skibumm100 · Oct 30, 2016

FIXLOG.TXT file:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Gregg (25-10-2016 17:10:02) Run:1
Running from C:\Users\Gregg\Desktop
Loaded Profiles: Gregg (Available Profiles: Gregg & Tracie & Sam & Danny)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
cmd: ipconfig /flushdns
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\...\MountPoints2: {211a15c6-bc1c-11e2-9931-806e6f6e6963} - Q:\LenovoQDrive.exe
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1008\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1007\User: Restriction <======= ATTENTION
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR HKU\S-1-5-21-1075821121-420814958-1993860820-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B58D5023-57C7-4125-B0E3-31A02B41A40F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {B7A8AB88-25DA-4964-A100-223C1B865CC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: netsh int ip reset
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters]
"NameSpace_Callout"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,66,00,77,00,70,00,75,00,63,00,6c,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\\Windows\\system32\\wininit.exe"
"PermittedLspCategories"=dword:80000040

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k NetworkService"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalServiceNetworkRestricted"
"PermittedLspCategories"=dword:80000040

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalServiceAndNoImpersonation"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalService"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\343305C9]
"AppFullPath"="C:\\Windows\\system32\\lsass.exe"
"PermittedLspCategories"=dword:80000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000006
"Serial_Access_Num"=dword:00000030
"Num_Catalog_Entries64"=dword:00000006

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\system32\\NLAapi.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="%SystemRoot%\\system32\\NLAapi.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9]
"Next_Catalog_Entry_ID"=dword:000003f3
"Num_Catalog_Entries"=dword:0000000a
"Serial_Access_Num"=dword:00000004
"Num_Catalog_Entries64"=dword:0000000a

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,c0,b0,ea,f9,d4,26,d0,11,bb,bf,00,aa,00,\
6c,34,e4,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,69,00,70,00,36,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,36,00,30,00,31,00,30,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,c0,b0,ea,f9,d4,26,d0,11,bb,bf,00,aa,00,\
6c,34,e4,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,69,00,70,00,36,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,36,00,30,00,31,00,30,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,0c,00,00,00,c0,b0,ea,f9,d4,26,d0,11,bb,bf,00,aa,00,\
6c,34,e4,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
00,80,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,69,00,70,00,36,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,36,00,30,00,31,00,30,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,36,00,30,00,31,00,30,00,30,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ed,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,36,00,30,00,31,00,30,00,31,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,0c,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ee,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
00,80,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,36,00,30,00,31,00,30,00,32,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,20,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,ef,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,20,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f0,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,26,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f1,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,26,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f2,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-103"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,c0,b0,ea,f9,d4,26,d0,11,bb,bf,00,aa,00,\
6c,34,e4,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,69,00,70,00,36,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,36,00,30,00,31,00,30,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,c0,b0,ea,f9,d4,26,d0,11,bb,bf,00,aa,00,\
6c,34,e4,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,69,00,70,00,36,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,36,00,30,00,31,00,30,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,0c,00,00,00,c0,b0,ea,f9,d4,26,d0,11,bb,bf,00,aa,00,\
6c,34,e4,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
00,80,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,69,00,70,00,36,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,36,00,30,00,31,00,30,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,36,00,30,00,31,00,30,00,30,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ed,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,36,00,30,00,31,00,30,00,31,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,0c,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ee,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
00,80,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,36,00,30,00,31,00,30,00,32,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,20,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,ef,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,20,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f0,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,26,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f1,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,17,00,00,00,1c,00,00,\
00,1c,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,26,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f2,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
f7,ff,00,00,00,00,00,00,40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,77,00,73,00,68,00,71,00,6f,00,73,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,31,00,30,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-103"
EndRegedit:
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"HKU\S-1-5-21-1075821121-420814958-1993860820-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{211a15c6-bc1c-11e2-9931-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{211a15c6-bc1c-11e2-9931-806e6f6e6963} => key not found.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1008\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1075821121-420814958-1993860820-1007\User => moved successfully
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1075821121-420814958-1993860820-1000\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome StartupUrls => removed successfully
"HKU\S-1-5-21-1075821121-420814958-1993860820-1000\SOFTWARE\Google\Chrome\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B58D5023-57C7-4125-B0E3-31A02B41A40F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B58D5023-57C7-4125-B0E3-31A02B41A40F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7A8AB88-25DA-4964-A100-223C1B865CC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7A8AB88-25DA-4964-A100-223C1B865CC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

====> Registry

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7974239 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2765090053 B
Edge => 0 B
Chrome => 2553508 B
Firefox => 2771233 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42322157 B
systemprofile32 => 72744 B
LocalService => 0 B
NetworkService => 1054778 B
Gregg => 14685308 B
Tracie => 2811382671 B
Sam => 16441144 B
Danny => 157126568 B

RecycleBin => 1183806 B
EmptyTemp: => 5.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:11:15 ====

TwinHeadedEagle · Oct 30, 2016

How is the situation now?

skibumm100 · Oct 30, 2016

Sorry THE, I didn't get a notification that you had replied. I just checked the thread and saw your reply from this morning. Still can't get to the internet. This computer is connected via Cat 5 right to the router, not WiFi. Looking at the network icon in the tray and it says "Internet Access" but I can't get to Google or anything else without it timing out. Running the windows troubleshooter but it doesn't find anything. I tried resetting IE but that didn't help either.

TwinHeadedEagle · Oct 31, 2016

Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.

Right-click on

icon and select

Run as Administrator to start the tool.
Make sure all of the options are checked!
Press Scan.
It will create a log (FSS.txt) in the same directory the tool is run.

Please include that log in your next reply.

skibumm100 · Oct 31, 2016

I restarted the computer and reset IE again. I also ran the Windows internet connection troubleshooter again, just for giggles. It can't find a problem. Still can't get to any websites. The system tray still says I'm connected to the internet. I checked the device manager and looked at the network adapter settings and the only thing that wasn't enabled or look quite right is that the network adapter didn't have an address and Auto Disable Gigabit and Jumbo Frame were disabled. Here's the log from the Farbar Service Scanner:

Farbar Service Scanner Version: 27-01-2016
Ran by Gregg (administrator) on 31-10-2016 at 07:46:00
Running from "C:\Users\Gregg\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

TwinHeadedEagle · Oct 31, 2016

Everything seems to be in order here. Can you check your network adapters in Control Panel?

Press the

+ R on your keyboard at the same time. Type ncpa.cpl and click OK.
Right click on your network connection >> internet protocol version 4
Make sure everything is set to obtain automatically there.

Solved Astromenda PUP gone but not forgotten....still no internet

Level 1

Attachments

Level 41

Level 1

Level 41

Level 1

Level 41

Level 1

Level 1

Level 41

Attachments

Level 1

Level 41

Level 1

Level 41

Level 1

Level 1

Level 41

Level 1

Level 41

Level 1

Level 41

Similar threads