[Inactive] Possible virus? - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 31

Thread: [Inactive] Possible virus?

  1. #16
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    2016-11-09 01:19 - 2016-11-02 11:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-11-09 01:19 - 2016-11-02 11:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2016-11-09 01:19 - 2016-11-02 11:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-11-09 01:19 - 2016-11-02 11:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-11-09 01:19 - 2016-11-02 11:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-11-09 01:19 - 2016-11-02 11:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2016-11-09 01:19 - 2016-11-02 11:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-11-09 01:19 - 2016-11-02 10:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-11-09 01:19 - 2016-11-02 10:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-11-09 01:19 - 2016-11-02 10:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2016-11-09 01:19 - 2016-11-02 10:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-11-09 01:19 - 2016-11-02 10:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
    2016-11-09 01:19 - 2016-11-02 10:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-11-09 01:19 - 2016-11-02 10:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-11-09 01:19 - 2016-11-02 10:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
    2016-11-09 01:19 - 2016-11-02 10:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2016-11-09 01:19 - 2016-11-02 10:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-11-09 01:19 - 2016-11-02 10:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2016-11-09 01:19 - 2016-11-02 10:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2016-11-09 01:19 - 2016-11-02 10:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2016-11-09 01:19 - 2016-11-02 10:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-11-09 01:19 - 2016-11-02 10:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-11-09 01:19 - 2016-11-02 10:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-11-09 01:19 - 2016-11-02 10:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-11-09 01:19 - 2016-11-02 10:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2016-11-09 01:19 - 2016-11-02 10:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
    2016-11-09 01:19 - 2016-11-02 10:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
    2016-11-09 01:19 - 2016-11-02 10:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-11-09 01:19 - 2016-11-02 10:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-11-09 01:19 - 2016-11-02 10:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2016-11-09 01:19 - 2016-11-02 10:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
    2016-11-09 01:19 - 2016-11-02 10:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2016-11-09 01:19 - 2016-11-02 10:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2016-11-09 01:19 - 2016-11-02 10:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-11-09 01:19 - 2016-11-02 10:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-11-09 01:19 - 2016-11-02 10:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-11-09 01:19 - 2016-11-02 10:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
    2016-11-09 01:19 - 2016-11-02 10:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
    2016-11-09 01:19 - 2016-11-02 10:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-11-09 01:19 - 2016-11-02 10:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
    2016-11-09 01:19 - 2016-11-02 10:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2016-11-09 01:18 - 2016-11-02 11:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-11-09 01:18 - 2016-11-02 11:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-11-09 01:18 - 2016-11-02 11:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-11-09 01:18 - 2016-11-02 11:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-11-09 01:18 - 2016-11-02 11:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-11-09 01:18 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-11-09 01:18 - 2016-11-02 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
    2016-11-09 01:18 - 2016-11-02 10:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-11-09 01:18 - 2016-11-02 10:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2016-11-09 01:18 - 2016-11-02 10:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-11-09 01:18 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2016-11-09 01:18 - 2016-11-02 10:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-11-09 01:18 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2016-11-09 01:18 - 2016-11-02 10:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2016-11-09 01:18 - 2016-11-02 10:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
    2016-11-09 01:18 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-11-09 01:18 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-11-09 01:18 - 2016-11-02 10:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-11-09 01:18 - 2016-11-02 10:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
    2016-11-09 01:18 - 2016-11-02 10:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2016-11-09 01:18 - 2016-11-02 10:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2016-11-09 01:18 - 2016-11-02 10:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-11-09 01:18 - 2016-11-02 10:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-11-09 01:17 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2016-11-08 14:50 - 2016-11-08 14:51 - 00413396 _____ C:\WINDOWS\Minidump\110816-96812-01.dmp
    2016-11-07 13:56 - 2016-11-07 13:58 - 00413412 _____ C:\WINDOWS\Minidump\110716-47562-01.dmp
    2016-11-06 23:45 - 2016-11-06 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-11-06 15:19 - 2016-11-06 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
    2016-11-06 15:19 - 2016-11-06 15:19 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-11-05 22:36 - 2016-10-15 04:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2016-11-05 22:36 - 2016-10-15 04:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-11-05 22:36 - 2016-10-15 04:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-11-05 22:36 - 2016-10-15 04:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-11-05 22:36 - 2016-10-15 04:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-11-05 22:36 - 2016-10-15 04:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-11-05 22:36 - 2016-10-15 04:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
    2016-11-05 22:36 - 2016-10-15 04:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2016-11-05 22:36 - 2016-10-15 04:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-11-05 22:36 - 2016-10-15 03:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-11-05 22:36 - 2016-10-15 03:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-11-05 22:36 - 2016-10-15 03:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2016-11-05 22:36 - 2016-10-15 03:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-11-05 22:36 - 2016-10-15 03:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-11-05 22:36 - 2016-10-15 03:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
    2016-11-05 22:36 - 2016-10-15 03:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
    2016-11-05 22:36 - 2016-10-15 03:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-11-05 22:36 - 2016-10-15 03:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2016-11-05 22:36 - 2016-10-15 03:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
    2016-11-05 22:36 - 2016-10-15 03:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-11-05 22:36 - 2016-10-15 03:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
    2016-11-05 22:36 - 2016-10-15 03:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
    2016-11-05 22:36 - 2016-10-15 03:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-11-05 22:36 - 2016-10-15 03:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-11-05 22:36 - 2016-10-15 03:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2016-11-05 22:36 - 2016-08-27 05:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-11-05 22:35 - 2016-10-15 04:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-11-05 22:35 - 2016-10-15 04:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2016-11-05 22:35 - 2016-10-15 04:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2016-11-05 22:35 - 2016-10-15 04:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2016-11-05 22:35 - 2016-10-15 04:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2016-11-05 22:35 - 2016-10-15 04:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
    2016-11-05 22:35 - 2016-10-15 04:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2016-11-05 22:35 - 2016-10-15 04:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-11-05 22:35 - 2016-10-15 04:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-11-05 22:35 - 2016-10-15 04:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
    2016-11-05 22:35 - 2016-10-15 04:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
    2016-11-05 22:35 - 2016-10-15 04:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2016-11-05 22:35 - 2016-10-15 04:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2016-11-05 22:35 - 2016-10-15 04:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2016-11-05 22:35 - 2016-10-15 04:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
    2016-11-05 22:35 - 2016-10-15 04:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
    2016-11-05 22:35 - 2016-10-15 04:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-11-05 22:35 - 2016-10-15 04:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-11-05 22:35 - 2016-10-15 04:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-11-05 22:35 - 2016-10-15 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-11-05 22:35 - 2016-10-15 04:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
    2016-11-05 22:35 - 2016-10-15 03:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
    2016-11-05 22:35 - 2016-10-15 03:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
    2016-11-05 22:35 - 2016-10-15 03:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
    2016-11-05 22:35 - 2016-10-15 03:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-11-05 22:35 - 2016-10-15 03:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
    2016-11-05 22:35 - 2016-10-15 03:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
    2016-11-05 22:35 - 2016-10-15 03:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
    2016-11-05 22:35 - 2016-10-15 03:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
    2016-11-05 22:35 - 2016-10-15 03:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2016-11-05 22:35 - 2016-10-15 03:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-11-05 22:35 - 2016-10-15 03:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
    2016-11-05 22:35 - 2016-10-15 03:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2016-11-05 22:35 - 2016-10-15 03:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
    2016-11-05 22:35 - 2016-10-15 03:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
    2016-11-05 22:35 - 2016-10-15 03:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2016-11-05 22:35 - 2016-10-15 03:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
    2016-11-05 22:35 - 2016-10-15 03:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-11-05 22:35 - 2016-10-15 03:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
    2016-11-05 22:35 - 2016-10-15 03:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-11-05 22:35 - 2016-10-15 03:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2016-11-05 22:35 - 2016-10-15 03:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2016-11-05 22:35 - 2016-10-15 03:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-11-05 22:35 - 2016-10-15 03:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-11-05 22:35 - 2016-10-15 03:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-11-05 22:35 - 2016-10-15 03:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-11-05 22:35 - 2016-10-15 03:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2016-11-05 22:35 - 2016-10-15 03:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-11-05 22:35 - 2016-10-15 03:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-11-05 22:35 - 2016-10-15 03:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
    2016-11-05 22:35 - 2016-10-15 03:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
    2016-11-05 22:35 - 2016-10-15 03:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2016-11-05 22:35 - 2016-10-15 03:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2016-11-05 22:35 - 2016-10-15 03:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
    2016-11-05 22:35 - 2016-10-15 03:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2016-11-05 22:35 - 2016-10-15 03:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2016-11-05 22:35 - 2016-10-15 03:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2016-11-05 22:35 - 2016-10-15 03:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-11-05 22:35 - 2016-10-15 03:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
    2016-11-05 22:35 - 2016-10-15 03:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2016-11-05 22:35 - 2016-10-15 03:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-11-05 22:35 - 2016-10-15 03:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
    2016-11-05 22:35 - 2016-10-15 03:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-11-05 22:35 - 2016-10-15 03:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-11-05 22:35 - 2016-10-15 03:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-11-05 22:35 - 2016-10-15 03:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2016-11-05 22:35 - 2016-10-15 03:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-11-05 22:35 - 2016-10-15 03:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
    2016-11-05 22:35 - 2016-10-15 03:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-11-05 22:35 - 2016-10-15 03:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-11-05 22:35 - 2016-10-15 03:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-11-05 22:35 - 2016-10-15 03:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-11-05 22:35 - 2016-10-15 03:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-11-05 22:35 - 2016-10-15 03:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
    2016-11-05 22:35 - 2016-10-15 03:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-11-05 22:35 - 2016-10-15 03:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-11-05 22:35 - 2016-10-15 03:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
    2016-11-05 22:35 - 2016-10-15 03:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
    2016-11-05 22:35 - 2016-10-15 03:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
    2016-11-05 22:35 - 2016-10-15 03:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-11-05 22:35 - 2016-10-15 03:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-11-05 22:35 - 2016-10-15 03:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-11-05 22:35 - 2016-10-15 03:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-11-05 22:35 - 2016-10-15 03:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-11-05 22:35 - 2016-10-15 03:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-11-05 22:35 - 2016-10-15 03:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2016-11-05 22:35 - 2016-10-15 03:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2016-11-05 22:35 - 2016-09-10 13:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2016-11-05 22:35 - 2016-08-06 04:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-11-05 22:34 - 2016-10-15 04:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-11-05 22:34 - 2016-10-15 04:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2016-11-05 22:34 - 2016-10-15 04:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2016-11-05 22:34 - 2016-10-15 04:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-11-05 22:34 - 2016-10-15 04:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-11-05 22:34 - 2016-10-15 04:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-11-05 22:34 - 2016-10-15 04:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-11-05 22:34 - 2016-10-15 04:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-11-05 22:34 - 2016-10-15 04:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2016-11-05 22:34 - 2016-10-15 04:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-11-05 22:34 - 2016-10-15 04:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-11-05 22:34 - 2016-10-15 04:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2016-11-05 22:34 - 2016-10-15 04:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
    2016-11-05 22:34 - 2016-10-15 04:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-11-05 22:34 - 2016-10-15 04:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-11-05 22:34 - 2016-10-15 04:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2016-11-05 22:34 - 2016-10-15 04:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-11-05 22:34 - 2016-10-15 04:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2016-11-05 22:34 - 2016-10-15 04:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-11-05 22:34 - 2016-10-15 04:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-11-05 22:34 - 2016-10-15 04:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-11-05 22:34 - 2016-10-15 04:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-11-05 22:34 - 2016-10-15 04:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-11-05 22:34 - 2016-10-15 04:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-11-05 22:34 - 2016-10-15 04:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-11-05 22:34 - 2016-10-15 04:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2016-11-05 22:34 - 2016-10-15 03:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
    2016-11-05 22:34 - 2016-10-15 03:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2016-11-05 22:34 - 2016-10-15 03:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2016-11-05 22:34 - 2016-10-15 03:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-11-05 22:34 - 2016-10-15 03:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2016-11-05 22:34 - 2016-10-15 03:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
    2016-11-05 22:34 - 2016-10-15 03:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-11-05 22:34 - 2016-10-15 03:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
    2016-11-05 22:34 - 2016-10-15 03:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2016-11-05 22:34 - 2016-10-15 03:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-11-05 22:34 - 2016-10-15 03:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-11-05 22:34 - 2016-10-15 03:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
    2016-11-05 22:34 - 2016-10-15 03:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2016-11-05 22:34 - 2016-10-15 03:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
    2016-11-05 22:34 - 2016-10-15 03:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-11-05 22:34 - 2016-10-15 03:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
    2016-11-05 22:34 - 2016-10-15 03:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-11-05 22:34 - 2016-10-15 03:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-11-05 22:34 - 2016-10-15 03:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2016-11-05 22:34 - 2016-10-15 03:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2016-11-05 22:34 - 2016-10-15 03:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
    2016-11-05 22:34 - 2016-10-15 03:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2016-11-05 22:34 - 2016-10-15 03:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
    2016-11-05 22:34 - 2016-10-15 03:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-11-05 22:34 - 2016-10-15 03:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-11-05 22:34 - 2016-10-15 03:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-11-05 22:34 - 2016-10-15 03:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
    2016-11-05 22:34 - 2016-10-15 03:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2016-11-05 22:34 - 2016-10-15 03:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-11-05 22:34 - 2016-10-15 03:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
    2016-11-05 22:34 - 2016-10-15 03:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-11-05 22:34 - 2016-10-15 03:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
    2016-11-05 22:34 - 2016-10-15 03:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
    2016-11-05 22:34 - 2016-10-15 03:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-11-05 22:34 - 2016-10-15 03:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2016-11-05 22:34 - 2016-10-15 03:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-11-05 22:34 - 2016-10-15 03:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2016-11-05 22:34 - 2016-10-15 03:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-11-05 22:34 - 2016-10-15 03:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2016-11-05 22:34 - 2016-10-15 03:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2016-11-05 22:34 - 2016-10-15 03:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2016-11-05 22:34 - 2016-10-15 03:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-11-05 22:34 - 2016-10-15 03:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2016-11-05 22:34 - 2016-10-15 03:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-11-05 22:34 - 2016-10-15 03:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-11-05 22:34 - 2016-10-15 03:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-11-05 22:34 - 2016-10-15 03:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2016-11-05 22:34 - 2016-10-15 03:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-11-05 22:34 - 2016-10-15 03:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2016-11-05 22:34 - 2016-10-15 03:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-11-03 22:47 - 2016-11-03 22:47 - 00000000 ____D C:\WINDOWS\system32\da591b824a9ede442b081..bin
    2016-11-03 18:41 - 2016-11-07 18:32 - 00000000 ____D C:\Users\molli\AppData\LocalLow\uTorrent
    2016-11-03 07:32 - 2016-11-03 07:32 - 00595624 _____ (COMODO) C:\WINDOWS\system32\CcavGuard64.dll
    2016-11-03 07:32 - 2016-11-03 07:32 - 00463016 _____ (COMODO) C:\WINDOWS\SysWOW64\CcavGuard32.dll
    2016-11-03 07:32 - 2016-11-03 07:32 - 00154208 _____ (COMODO) C:\WINDOWS\system32\Drivers\CmdCCAV.sys
    2016-11-03 06:07 - 2016-11-03 06:07 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ
    2016-11-02 20:46 - 2016-11-02 20:46 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
    2016-10-28 19:21 - 2016-10-28 19:21 - 00000000 ____D C:\Users\molli\AppData\LocalLow\AMD
    2016-10-28 05:38 - 2016-10-28 05:38 - 00000000 ____D C:\WINDOWS\system32\4d87ab824a9ede442b081..bin
    2016-10-27 22:54 - 2016-10-27 22:54 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore
    2016-10-26 01:04 - 2016-10-26 01:04 - 09405464 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 07589400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 02463248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 02150928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00909328 _____ (AMD) C:\WINDOWS\system32\coinst_16.40.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00768016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00643096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00310808 _____ C:\WINDOWS\system32\dgtrayicon.exe
    2016-10-26 01:04 - 2016-10-26 01:04 - 00293400 _____ C:\WINDOWS\system32\GameManager64.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00258064 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00100888 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00084496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
    2016-10-26 01:04 - 2016-10-26 01:04 - 00077840 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
    2016-10-24 13:06 - 2016-10-24 13:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2016-10-24 13:06 - 2016-10-24 13:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2016-10-24 13:06 - 2016-10-24 13:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2016-10-24 13:06 - 2016-10-24 13:06 - 00041576 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2016-10-20 09:13 - 2016-10-20 09:13 - 02365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
    2016-10-17 08:57 - 2016-10-17 08:57 - 00115902 _____ C:\Users\molli\Downloads\D441.tmp
    2016-10-17 08:56 - 2016-10-17 08:56 - 00034854 _____ C:\Users\molli\Downloads\D955.tmp
    2016-10-17 08:53 - 2016-10-17 08:54 - 00000000 ____D C:\Users\molli\Desktop\Lana at Pumkin patch in UK 16 Oct 2016
    2016-10-15 21:12 - 2016-10-15 21:12 - 00000000 ____D C:\ProgramData\WEBREG
    2016-10-15 21:07 - 2016-10-15 21:12 - 00000000 ____D C:\Users\molli\AppData\Roaming\HP
    2016-10-15 21:07 - 2016-10-15 21:07 - 00000000 ____D C:\Users\molli\AppData\Local\HP
    2016-10-15 21:00 - 2016-10-15 21:00 - 00018462 _____ C:\Users\molli\Downloads\[kickass.cd]Marvels Jessica Jones - Season 1 - 720p WEBRiP - x265 HEVC- SNG.torrent
    2016-10-15 20:57 - 2016-04-14 20:47 - 00194187 ____N C:\WINDOWS\hpoins21.dat.temp
    2016-10-15 20:57 - 2012-10-14 13:47 - 00006174 ____N C:\WINDOWS\hpomdl21.dat.temp
    2016-10-15 20:57 - 2012-08-21 06:55 - 01421312 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotiop5.dll
    2016-10-15 20:57 - 2009-07-08 10:51 - 00938496 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpowiax5.dll
    2016-10-15 20:57 - 2009-07-08 10:51 - 00540672 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppldcoi.dll
    2016-10-15 20:57 - 2009-07-08 10:51 - 00505344 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst12.dll
    2016-10-15 20:50 - 2016-10-15 20:51 - 00005625 _____ C:\Users\molli\Downloads\[kickass.cd]Westworld.S01E02.WEBRip.x264-FUM[ettv].torrent
    2016-10-15 20:50 - 2016-10-15 20:50 - 00005833 _____ C:\Users\molli\Downloads\[kickass.cd]Westworld.S01E01.HDTV.x264-FUM[ettv].torrent
    2016-10-15 20:49 - 2016-10-15 20:49 - 00005384 _____ C:\Users\molli\Downloads\[kickass.cd]MacGyver.2016.S01E01.HDTV.x264-LOL[ettv].torrent
    2016-10-15 04:57 - 2016-10-15 04:59 - 00325644 _____ C:\WINDOWS\Minidump\101516-38125-01.dmp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-14 09:41 - 2016-09-28 08:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-11-14 02:31 - 2016-09-28 08:27 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2016-11-14 02:31 - 2016-09-28 08:27 - 00065536 _____ C:\WINDOWS\psp_storage.bin
    2016-11-14 02:30 - 2016-09-28 08:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-11-14 02:30 - 2015-11-28 19:40 - 02862334 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
    2016-11-14 02:01 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2016-11-13 22:25 - 2015-07-10 11:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-11-12 21:30 - 2016-09-28 08:32 - 00000000 ____D C:\Users\molli
    2016-11-12 20:54 - 2016-04-30 07:18 - 00000000 ____D C:\Users\molli\AppData\Local\AvgSetupLog
    2016-11-12 20:51 - 2016-04-30 07:25 - 00000000 ____D C:\ProgramData\MFAData
    2016-11-12 20:01 - 2016-10-06 19:03 - 00000000 ____D C:\Users\molli\AppData\Local\ElevatedDiagnostics
    2016-11-11 02:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-11-11 02:23 - 2016-02-13 13:20 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-11-11 02:19 - 2016-09-28 08:22 - 00343656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-11-11 02:19 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
    2016-11-11 02:17 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-11-11 02:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-11-11 02:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-11-11 02:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-11-11 02:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2016-11-11 02:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-11-11 01:10 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-11-11 00:50 - 2016-09-28 08:56 - 00003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
    2016-11-11 00:47 - 2016-04-11 01:11 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-11-11 00:43 - 2016-04-11 01:11 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-11-10 22:12 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2016-11-09 08:23 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2016-11-09 08:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\L2Schemas
    2016-11-09 08:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2016-11-09 08:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-11-09 08:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-11-09 08:20 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-11-09 08:16 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\registration
    2016-11-08 19:05 - 2015-11-28 19:30 - 00000000 ____D C:\ProgramData\AMD
    2016-11-08 14:50 - 2016-09-29 03:03 - 00000000 ____D C:\WINDOWS\Minidump
    2016-11-08 14:50 - 2016-09-29 03:02 - 839943746 _____ C:\WINDOWS\MEMORY.DMP
    2016-11-08 14:48 - 2016-04-09 20:17 - 00000000 ____D C:\Users\molli\AppData\Roaming\uTorrent
    2016-11-08 14:46 - 2016-08-22 22:49 - 00000000 ____D C:\Users\molli\AppData\Roaming\Skype
    2016-11-08 12:48 - 2016-05-02 21:45 - 00000000 ____D C:\Users\molli\Desktop\excel spread sheets
    2016-11-08 12:48 - 2016-03-30 14:50 - 00000000 ____D C:\Users\molli\AppData\Local\Packages
    2016-11-08 10:46 - 2016-04-01 21:42 - 00000000 ____D C:\Users\molli\Desktop\Watch Me
    2016-11-07 19:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
    2016-11-07 13:56 - 2016-04-18 22:33 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-11-07 13:56 - 2016-04-18 22:33 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-11-07 02:57 - 2016-05-02 21:46 - 00000000 ____D C:\Users\molli\Desktop\Word docs
    2016-11-06 23:45 - 2016-04-18 22:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-11-06 23:38 - 2016-09-28 08:56 - 00003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2016-11-06 23:38 - 2016-09-28 08:56 - 00003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2016-11-06 16:57 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-11-06 16:56 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-11-06 15:17 - 2016-09-28 08:28 - 00000000 ____D C:\Program Files (x86)\AMD
    2016-11-06 15:17 - 2016-09-28 08:27 - 00000000 ____D C:\AMD
    2016-11-05 20:36 - 2016-04-21 17:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-11-05 13:59 - 2016-09-28 08:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ___RD C:\Program Files\Windows Defender
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-11-05 13:59 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2016-11-05 13:59 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-11-05 13:59 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-11-05 13:59 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-11-05 13:59 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\servicing
    2016-11-05 13:58 - 2016-10-09 02:15 - 00000000 ____D C:\Users\molli\Desktop\Desktop mary
    2016-11-05 13:58 - 2016-09-28 08:26 - 00000000 ____D C:\Program Files\AMD
    2016-11-05 13:58 - 2016-08-31 17:13 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-11-05 13:58 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-11-05 13:48 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-11-05 13:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-11-05 13:41 - 2016-08-31 17:13 - 00000000 ____D C:\ProgramData\Skype
    2016-11-05 13:40 - 2015-11-28 18:09 - 00000000 ____D C:\ProgramData\Lenovo
    2016-11-03 21:48 - 2016-04-21 17:03 - 00000000 ____D C:\Users\molli\AppData\Local\Adobe
    2016-11-03 05:29 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\System
    2016-11-03 05:11 - 2016-03-31 10:14 - 00000000 ____D C:\Users\molli\AppData\Local\Google
    2016-11-02 21:29 - 2015-07-16 15:54 - 01056428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-02 20:46 - 2016-04-30 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
    2016-11-02 13:19 - 2016-04-30 07:47 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2016-10-28 23:56 - 2016-07-16 11:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-10-28 23:56 - 2016-07-16 11:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-26 01:04 - 2016-04-13 00:40 - 00541200 _____ (AMD) C:\WINDOWS\system32\SETD1F3.tmp
    2016-10-26 01:04 - 2016-04-13 00:40 - 00305168 _____ (AMD) C:\WINDOWS\system32\SETD155.tmp
    2016-10-26 01:04 - 2016-03-30 15:02 - 01351184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETCDF3.tmp
    2016-10-26 01:04 - 2016-03-30 15:02 - 01015824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETE205.tmp
    2016-10-24 23:31 - 2016-03-31 10:15 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-19 11:29 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-10-19 11:25 - 2016-04-13 23:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-10-18 16:44 - 2016-04-30 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-10-15 21:11 - 2016-04-14 20:01 - 00194333 _____ C:\WINDOWS\hpoins21.dat
    2016-10-15 21:08 - 2016-04-14 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2016-10-15 21:08 - 2016-04-14 20:01 - 00000000 ____D C:\ProgramData\HP
    2016-10-15 21:05 - 2016-04-14 20:28 - 00000000 ____D C:\Program Files (x86)\HP
    2016-10-15 20:42 - 2015-07-10 11:04 - 00000127 _____ C:\WINDOWS\win.ini

    ==================== Files in the root of some directories =======

    2016-03-30 14:50 - 2016-11-14 01:55 - 0591753 _____ () C:\Users\molli\AppData\Local\BTServer.log
    2016-09-28 08:25 - 2016-09-28 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-10-15 20:58 - 2016-10-15 21:11 - 0001901 _____ () C:\ProgramData\hpzinstall.log
    2016-09-28 08:26 - 2016-09-28 08:26 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

    Files to move or delete:
    ====================
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat


    Some files in TEMP:
    ====================
    C:\Users\molli\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\molli\AppData\Local\Temp\libeay32.dll
    C:\Users\molli\AppData\Local\Temp\msvcr120.dll
    C:\Users\molli\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-11 00:48

    ==================== End of FRST.txt ============================

  2. #17
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
    Ran by molli (14-11-2016 09:49:38)
    Running from C:\Users\molli\Desktop
    Windows 10 Home Version 1607 (X64) (2016-09-28 09:01:23)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3805500227-4192919812-1505005631-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3805500227-4192919812-1505005631-503 - Limited - Disabled)
    Guest (S-1-5-21-3805500227-4192919812-1505005631-501 - Limited - Disabled)
    molli (S-1-5-21-3805500227-4192919812-1505005631-1002 - Administrator - Enabled) => C:\Users\molli

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: COMODO Cloud Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
    AMD Catalyst Install Manager (HKLM\...\{48EE9260-CB2A-8D6A-8C5D-4715C37E40D4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
    AVG (HKLM\...\AvgZen) (Version: 1.111.2.45832 - AVG Technologies)
    AVG (Version: 16.121.7859 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.62.2.46691 - AVG Technologies)
    AVG PC TuneUp (x32 Version: 16.62.4 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
    AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    C5200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
    Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.7.402730.374 - COMODO)
    COMODO Cloud Antivirus (x32 Version: 1.7.374.0 - COMODO) Hidden
    Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
    Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.51.1 - Dropbox, Inc.) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.34.7 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.37 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.400604.29 - Comodo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
    Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
    Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.71.2 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5604.55 - CyberLink Corp.)
    Lenovo PowerDVD12 (x32 Version: 12.0.5604.55 - CyberLink Corp.) Hidden
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
    Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
    Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
    LenovoUtility (x32 Version: 3.0.0.4 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
    Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4867.1003 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
    PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.868.867.071015 - REALTEK Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
    RogueKiller version 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
    User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\molli\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0F2FD7D9-E92E-4945-9BFA-BA1E723D92E8} - System32\Tasks\0216pizUpdateInfo => C:\ProgramData\Avg_Update_0216piz\0216piz_AVG-Secure-Search-Update.exe [2016-02-16] ()
    Task: {0F60B371-696D-415B-9A1A-8978010FB4C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-06] (Microsoft Corporation)
    Task: {10DE4B3A-E667-434E-B5EA-228698F17C98} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
    Task: {22F70DE8-F69F-484F-AE63-E602B0146EFF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-03-30] (Lenovo)
    Task: {25DA836F-A59B-485B-8C27-89742751A4C0} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [2015-08-29] ()
    Task: {2985110D-D1C2-4435-AAD9-9E63C6530BDC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
    Task: {2DB85D67-D8D7-4643-B165-85E54A9A413F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)
    Task: {32914283-B6C7-4535-8188-8D00D6708152} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
    Task: {543E4E37-84FB-4B80-AF58-4B8D55D643D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {57B6E8DE-C30C-4E36-A649-36A8154983BD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-06] (Microsoft Corporation)
    Task: {6DB73BB3-2A8E-4827-91F4-A28523AB288A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {701B9749-3974-4F68-A006-AE597F3C72C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {71280683-330D-4B63-9359-2F27C6EE4813} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {73EF4189-26C6-4149-809A-5660C9F963BC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-18] (Dropbox, Inc.)
    Task: {8C2A3648-2F5F-468F-B210-A6AA6726F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-31] (Google Inc.)
    Task: {8D237260-DFE1-4AEB-9F42-B28066B3AA2E} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
    Task: {916C24D9-8D4C-4D5B-A8D9-C6204A5DAA0C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)
    Task: {96233069-34F9-4F33-98B7-6F87E6DB712E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
    Task: {9A4F5C1C-787F-472D-9A54-99C7F495264C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
    Task: {9D520ADD-330E-403F-9988-942F97CC9872} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
    Task: {B36B7D14-0AAF-40B3-882E-EC96A429844C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: {C6F2710D-E818-496B-8338-97AB3BF229CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-31] (Google Inc.)
    Task: {CD4FF16A-723C-48EE-BBBC-B9BAF6276A2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {CE64F059-0402-4941-846D-085CC3309FAB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {DA2B9286-BBF1-4F1F-8093-BFF79841E8E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {E8C80844-8C86-4CD1-A122-C43C07AC5C73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
    Task: {E95775B7-2569-4D78-96D5-EBBE1963FC6E} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
    Task: {EA3DF744-CD07-42B8-9A1D-C9CA26CD96E6} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {F056B9E3-8802-41E7-83C2-27AE79F98F85} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-08-05] (CyberLink Corp.)
    Task: {F6722126-3039-4BE0-A61C-35002D6B7530} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-18] (Dropbox, Inc.)
    Task: {FABEB7FD-365A-4F41-8804-25A91DC67F5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-09-30 09:30 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-30 09:30 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-09-28 17:15 - 2016-09-28 17:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-11-09 01:20 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-09 01:19 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-09 01:19 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-09 01:19 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-09 01:19 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-09 01:19 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-09 01:19 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-11-12 20:06 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\molli\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
    2016-11-12 20:06 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\molli\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
    2016-11-12 20:06 - 2016-11-12 20:06 - 17772736 _____ () C:\Users\molli\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 11:04 - 2015-07-10 11:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    DNS Servers: 192.168.192.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run32: => "HP Software Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{249DCE75-8FF1-4058-BE14-9B8E475456B6}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
    FirewallRules: [{168F5C22-F55D-4A58-94D1-F0E3A62BB92B}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
    FirewallRules: [{A68638B0-8717-4262-9EB3-5DF4E4FFA1F0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{0153588C-5FB3-4D90-8EFF-896EA03A5163}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
    FirewallRules: [{833CA06F-2383-4DE5-BCFE-5A188FE9C97B}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
    FirewallRules: [{8AD2B94D-FBF8-47B3-955B-7C3E086FBB08}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{E481928A-6DF8-43E7-A73F-8AB1C55A55D4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{E4269B6A-2AF4-4433-A796-DD3974B85812}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{481B048F-007A-42AD-961D-28BCEC41E8AE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{8889801F-7EB4-432C-8768-C490E27197F7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{575CE42D-CB61-42FB-A3F9-18744F78845F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{1CDE9368-64B5-4D45-9B5D-2AA54BC0D6A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{94730DE6-53B6-46EA-BCDA-41F5D74CC353}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{819D00F5-A1E6-4C58-B35F-E4C807B36E9F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{F2140B2B-F580-4E87-9161-671669890C72}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E55B8E25-78E6-4B2F-A90C-17F0E934666F}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{06892A88-06A5-4BF4-9F47-AFBC50AAA457}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{59C3339F-516B-4E70-8E88-76BCE2D043C1}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B8AED7C4-57CF-4BDD-BF0A-6C95BB4DDD9D}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{07A9E33B-637E-44C4-92F6-EA1B6593A40A}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{136EA3A9-FCF2-498C-A2D1-3C64CF935121}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F9540F37-57E8-4440-ADA4-586276A2894C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A00A74F3-7F75-4658-8241-C2A62B52A4E0}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{7C11E1D0-001D-40B3-8239-B4A851C674FF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{D35F49DC-8A11-49AD-ADC4-E786156CEA02}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{85C72577-23C7-4ADC-A6AF-A4769E09CF0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{D5D81A35-A848-4BBE-BC40-163CFB49E067}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{ECBAF2CC-E2CC-42DA-89A5-6A2B10F9FBEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{21454B6C-61C2-426A-A63C-2AF316F2136D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{AFBDFC6D-17BC-4E03-8CBC-83BB1321047A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{6283E653-DEE2-4E9D-8C74-B703E4567583}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{9472BDAA-662C-4F29-98B0-F714B153823B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{3B78500B-C9E9-4833-9B29-1C46AA276348}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{8ADED271-20FF-4CDB-96C1-0E7D9F007AEE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{6864749C-43B2-47C4-9E3B-763CA1593B3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{CA1583A6-95A2-4EF1-B998-1E7D28852466}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{8D8BCE91-46A0-4AA7-9DDA-0C711CDFB03F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{DF6DC4B7-3E77-4BDB-843F-C58306E2AD4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{BD44DEAD-03E8-4C67-A61E-526547D9837A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{251D6BEC-47FD-4DBB-91BB-701F9A5308C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{311A8BD1-BF43-4133-848C-85E82D700222}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{A63FB4BF-0BCA-40BE-BCB9-500EA0672707}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{3F940AA2-3D16-4E16-8EFA-86CECCA919A4}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{52166BF9-0F9A-4E5D-AECD-DE1891C690BF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{9075C3E2-1C35-4E00-A903-70DA441A9695}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{F8471373-7EBC-4765-BA54-9DEA00BE2D59}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{C68F0323-BF3C-4B18-93E6-5C71B4E0004B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{DD30546A-D375-4720-8515-6728528D2AFD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{A9869D95-B240-4418-B277-9A1910EBC351}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{3B00B3BB-D7B1-4959-B94E-F2C3C4197294}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{5F4B4C58-67ED-4C3E-BF28-8A222859F44D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{56ED56A4-CC62-433C-A5CB-A2B75C195EE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{ECAE697E-E824-4946-AB0B-2CCC3F5D7926}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    08-11-2016 18:14:54 Restore Operation

    ==================== Faulty Device Manager Devices =============

    Name: System Interface Foundation Device
    Description: System Interface Foundation Device
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Lenovo
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/14/2016 02:44:49 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\molli\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

    Error: (11/14/2016 02:44:27 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\molli\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

    Error: (11/14/2016 02:23:20 AM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (11/14/2016 02:19:28 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.14393.0, time stamp: 0x57899b1c
    Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
    Exception code: 0xc0000008
    Fault offset: 0x00000000000a8aba
    Faulting process id: 0xcb0
    Faulting application start time: 0x01d23e1d56c97010
    Faulting application path: C:\WINDOWS\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: ea90589a-3392-4ef7-85ff-af43d46953af
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/14/2016 02:18:07 AM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (11/14/2016 02:15:46 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.14393.0, time stamp: 0x57899b1c
    Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
    Exception code: 0xc0000008
    Fault offset: 0x00000000000a8aba
    Faulting process id: 0xcb0
    Faulting application start time: 0x01d23e1cd23aafb4
    Faulting application path: C:\WINDOWS\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 4041302a-1a69-49af-a6f9-a5289bb8dfe7
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/14/2016 02:14:25 AM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (11/14/2016 02:11:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.14393.0, time stamp: 0x57899b1c
    Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
    Exception code: 0xc0000008
    Fault offset: 0x00000000000a8aba
    Faulting process id: 0xd14
    Faulting application start time: 0x01d23e1c4a4718a2
    Faulting application path: C:\WINDOWS\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: c7cd2dca-d98e-4df6-8d95-97ebe176027c
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/14/2016 02:10:37 AM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (11/14/2016 02:02:32 AM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


    System errors:
    =============
    Error: (11/14/2016 09:51:00 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (11/14/2016 09:50:43 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (11/14/2016 09:49:39 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (11/14/2016 09:49:39 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (11/14/2016 09:49:39 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (11/14/2016 09:49:29 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (11/14/2016 09:49:29 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (11/14/2016 09:49:29 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (11/14/2016 09:46:57 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (11/14/2016 09:46:50 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-3VS60BL9)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


    CodeIntegrity:
    ===================================
    Date: 2016-11-14 02:33:51.593
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-14 02:33:49.538
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\CcavGuard32.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-14 02:23:33.676
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-14 02:23:23.453
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-14 02:22:42.148
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-14 02:22:41.947
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-14 02:22:40.110
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-14 02:22:39.705
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\CcavGuard32.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-14 02:18:07.786
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-14 02:18:07.656
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD FX-8800P Radeon R7, 12 Compute Cores 4C+8G
    Percentage of memory in use: 20%
    Total physical RAM: 7127.18 MB
    Available physical RAM: 5676.16 MB
    Total Virtual: 8279.18 MB
    Available Virtual: 6965.46 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:885.92 GB) (Free:606.75 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.14 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: C57589EA)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Attached Files Attached Files

  4. #19
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
    Ran by molli (15-11-2016 05:31:35) Run:1
    Running from C:\Users\molli\Desktop
    Loaded Profiles: molli (Available Profiles: molli)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat [138 2016-11-14] () <===== ATTENTION
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat
    HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {42fc18cb-8fed-11e6-9c04-48e244826f96} - "E:\HiSuiteDownLoader.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    U0 aswVmm; no ImagePath
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    2016-03-30 14:50 - 2016-11-14 01:55 - 0591753 _____ () C:\Users\molli\AppData\Local\BTServer.log
    2016-09-28 08:25 - 2016-09-28 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-10-15 20:58 - 2016-10-15 21:11 - 0001901 _____ () C:\ProgramData\hpzinstall.log
    2016-09-28 08:26 - 2016-09-28 08:26 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat
    C:\Users\molli\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\molli\AppData\Local\Temp\libeay32.dll
    C:\Users\molli\AppData\Local\Temp\msvcr120.dll
    C:\Users\molli\AppData\Local\Temp\sqlite3.dll
    Task: {8D237260-DFE1-4AEB-9F42-B28066B3AA2E} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot => value removed successfully
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat => moved successfully
    "HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42fc18cb-8fed-11e6-9c04-48e244826f96}" => key removed successfully
    HKCR\CLSID\{42fc18cb-8fed-11e6-9c04-48e244826f96} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    aswVmm => service removed successfully
    dbx => service removed successfully
    C:\Users\molli\AppData\Local\BTServer.log => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc => moved successfully
    "C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat" => not found.
    C:\Users\molli\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\molli\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\molli\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\molli\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D237260-DFE1-4AEB-9F42-B28066B3AA2E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D237260-DFE1-4AEB-9F42-B28066B3AA2E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => key removed successfully

    ==== End of Fixlog 05:31:35 ====

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  6. #21
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Ok will do those now.

  7. #22
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
    Ran by molli (15-11-2016 05:31:35) Run:1
    Running from C:\Users\molli\Desktop
    Loaded Profiles: molli (Available Profiles: molli)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat [138 2016-11-14] () <===== ATTENTION
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat
    HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {42fc18cb-8fed-11e6-9c04-48e244826f96} - "E:\HiSuiteDownLoader.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    U0 aswVmm; no ImagePath
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    2016-03-30 14:50 - 2016-11-14 01:55 - 0591753 _____ () C:\Users\molli\AppData\Local\BTServer.log
    2016-09-28 08:25 - 2016-09-28 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-10-15 20:58 - 2016-10-15 21:11 - 0001901 _____ () C:\ProgramData\hpzinstall.log
    2016-09-28 08:26 - 2016-09-28 08:26 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat
    C:\Users\molli\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\molli\AppData\Local\Temp\libeay32.dll
    C:\Users\molli\AppData\Local\Temp\msvcr120.dll
    C:\Users\molli\AppData\Local\Temp\sqlite3.dll
    Task: {8D237260-DFE1-4AEB-9F42-B28066B3AA2E} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot => value removed successfully
    C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat => moved successfully
    "HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42fc18cb-8fed-11e6-9c04-48e244826f96}" => key removed successfully
    HKCR\CLSID\{42fc18cb-8fed-11e6-9c04-48e244826f96} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    aswVmm => service removed successfully
    dbx => service removed successfully
    C:\Users\molli\AppData\Local\BTServer.log => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc => moved successfully
    "C:\Users\molli\AppData\Local\Temp\DeleteOnReboot.bat" => not found.
    C:\Users\molli\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\molli\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\molli\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\molli\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D237260-DFE1-4AEB-9F42-B28066B3AA2E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D237260-DFE1-4AEB-9F42-B28066B3AA2E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => key removed successfully

    ==== End of Fixlog 05:31:35 ====

  8. #23
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Farbar Service Scanner Version: 27-01-2016
    Ran by molli (administrator) on 16-11-2016 at 21:05:48
    Running from "C:\Users\molli\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Network
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Policy:
    ========================


    Security Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

  9. #24
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Tried to run Sophos Free Virus Removal Tool but safe mode will not allow it. I tried to log in normal mode and the issue is still happening.

  10. #25
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    OK, we didn't find much in our scans so infection is not the issue.
    However I just noticed that you're running two AV programs, Comodo and AVG.
    You can't be running two AV programs.

    To eliminate all possibilities I want you to uninstall BOTH programs.
    In case of AVG make sure you use AVG Remover: http://www.avg.com/us-en/utilities
    Comodo you can uninstall normally through Control Panel.

    When done try to start your computer normally.

  11. #26
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    I tried deleting them I was in safe mode trying to delete AVG using the program you mentioned. I caused multiple restarts and now I can not get into Safe mode. The computer now will not allow me into safe mode. I can now get to the menu that says to restart to access the safe mode menu but all it does is restart computer. Tried to restart in normal mode and still have the same issue.

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I'm assuming you're using some other computer to post here?

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to USB flash drive.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 10 If you're having problems accessing System Recovery Options create Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-t...-drive-or-dvd/ and boot from it.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.



    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt



    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  13. #28
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Sorry for taking so long. Most of my comments I can post from my phone. Will take computer to work tomorrow and try to download the files from a work PC.

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550

  15. #30
    Join Date
    Sep 2005
    Location
    Limerick, Ireland
    Posts
    138
    Sorry it took so long. Could not get it to work from work. So ended up calling Lenovo who then connected me to Microsoft. It turns out that the issues was the latest update was not compatible with my graphics card. Microsoft ended up having to install an older copy of Windows 10 and will have an fix in the next update. It only took them three 10 hour days of remote access to fix my computer. So you can close this request and a huge THANK YOU for all you did.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •