Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware after ending Avast license

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware after ending Avast license

Unread postby humanerror » January 9th, 2016, 5:45 am

Hi!

I have windows 10 in my laptop. I have used my pc without (virus or malware) problems for years until last days, when ads have started popping up whatever pages I use in Chrome (with Edge too). I had Avast Preium package for years and discontinued the subscription a while ago. I bought it back today. Thanks for your help in advance.

Best Regards
You do not have the required permissions to view the files attached to this post.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am
Advertisement
Register to Remove

Re: Malware after ending Avast license

Unread postby Firefly » January 9th, 2016, 10:18 am

Hi Humanerror. My name is Firefly and I will help you with your computer. I ask you to follow a few ground rules while we are taking care of your computer:

I'm an Undergraduate trainee at MalwareRemovalUniversity (MRU), and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
  7. Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.


Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


File Backup

For your safety and protection, I would advise backing up all your important documents, personal data files and photos as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

Do not back up your files to the hard drive of the computer we will be fixing. If the computer becomes unusable, your files will still be gone forever. Every photo, every document… gone. Seriously. Do this now.

Here are links to using the backup program in Windows 10: Windows 10


Finally, there will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering


Restore Point

First, before we do anything, we want to make sure we have made a backup of your computer's key information so that we can be sure to not make anything worse. Since you are running Windows 10, we will both make a restore point and a system backup.

To create a restore point (Win 10):
1. Search for Create a restore point from the taskbar and select it from the list of search results.
2. On the left side menu, click System Protection.
3. In the Protection Settings section, click the C: (system) drive.
4. Click the Create button.
5. Type a name for the System Restore file (The Date and Time will be added automatically). Please call it “before malware fix”

Please also do the following:

Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop. Do not click on the big green button at the top - this is an advertisement. Click on one of the yellow links under the word "installer" further down on the page
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

Once these are done, we can move forward with repairing the issues you are having.
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Malware after ending Avast license

Unread postby Firefly » January 9th, 2016, 10:20 am

FRST LOGS For VIEWING:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Vesa (administrator) on VESKUNKONE (09-01-2016 11:10:26)
Running from C:\Users\Vesa\Desktop
Loaded Profiles: Vesa (Available Profiles: UpdatusUser & Vesa)
Platform: Windows 10 Home Version 1511 (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flux Software LLC) C:\Users\Vesa\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe
(Spotify Ltd) C:\Users\Vesa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_1.54_windows_x86_64__mt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-08-27] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9016128 2015-08-27] (Space Sciences Laboratory)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2015-12-23] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-08] (AVAST Software)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\fb3949a9-c72b-4747-9dcd-23380a5c531c.exe [168336 2016-01-09] (AVAST Software)
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [f.lux] => C:\Users\Vesa\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [AceUpdater] => C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe [27000 2015-12-18] ()
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [Spotify Web Helper] => C:\Users\Vesa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-31] (Spotify Ltd)
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\boinc.scr [1156928 2015-08-27] (Space Sciences Laboratory)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{a5f37099-a8ef-4dc0-86b3-fafeed5c193d}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-3322993352-708763500-3136390609-1002: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Vesa\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-09-24] (Innovative Digital Technologies)
FF HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: Ace Stream Web Extension - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]

Chrome:
=======
CHR HomePage: Default -> hxxps://easywallet.org/w/U9S4G2iotEMLG4XQhAT6ny
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> "chrome-extension://nbfhhpdigbbhgijjhhnmionhamjpggio/newtab/newtab-hp.html"
CHR Profile: C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google-presentaatiot) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google-dokumentit) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google-haku) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google-taulukot) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Padlet Mini) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljbbiddpoeaknnjaminoceoojdbikp [2015-12-22]
CHR Extension: (My Weather) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfhhpdigbbhgijjhhnmionhamjpggio [2016-01-07]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Instagram for Chrome) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-01-02]
CHR Extension: (Gmail) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR HKU\S-1-5-21-3322993352-708763500-3136390609-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-08] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-01-09] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-12-23] (Freemake) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-14] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-08] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2016-01-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-08] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2016-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-08] (AVAST Software)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 11:10 - 2016-01-09 11:10 - 00012665 _____ C:\Users\Vesa\Desktop\FRST.txt
2016-01-09 11:09 - 2016-01-09 11:10 - 00000000 ____D C:\FRST
2016-01-09 11:09 - 2016-01-09 11:09 - 02370560 _____ (Farbar) C:\Users\Vesa\Desktop\FRST64.exe
2016-01-09 11:07 - 2016-01-09 11:07 - 00003182 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1452330455
2016-01-09 11:07 - 2016-01-09 11:07 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2016-01-09 11:07 - 2016-01-09 11:07 - 00001969 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2016-01-09 11:07 - 2016-01-09 11:07 - 00001084 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-09 11:07 - 2016-01-09 11:07 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-09 11:06 - 2016-01-09 11:06 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2016-01-09 11:06 - 2016-01-09 11:06 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-01-09 11:06 - 2016-01-08 20:58 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9EA.tmp
2016-01-09 11:06 - 2016-01-08 20:58 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9E8.tmp
2016-01-09 11:06 - 2016-01-08 20:57 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9D5.tmp
2016-01-09 11:06 - 2016-01-08 20:57 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-09 11:06 - 2016-01-08 20:57 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9EB.tmp
2016-01-09 11:06 - 2016-01-08 20:57 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9EC.tmp
2016-01-09 11:06 - 2016-01-08 20:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9D6.tmp
2016-01-09 11:06 - 2016-01-08 20:57 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9E9.tmp
2016-01-09 11:06 - 2016-01-08 20:57 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA9D7.tmp
2016-01-09 09:08 - 2016-01-09 09:08 - 00000000 ___HD C:\OneDriveTemp
2016-01-08 21:08 - 2016-01-09 01:33 - 00000000 ____D C:\Users\Vesa\AppData\Local\Popcorn-Time
2016-01-08 21:06 - 2016-01-08 21:06 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2016-01-08 21:05 - 2016-01-08 21:06 - 00000000 ____D C:\Users\Vesa\AppData\Local\Popcorn Time
2016-01-08 21:00 - 2016-01-08 20:58 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF71C.tmp
2016-01-08 21:00 - 2016-01-08 20:58 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF6EB.tmp
2016-01-08 21:00 - 2016-01-08 20:57 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF6C9.tmp
2016-01-08 21:00 - 2016-01-08 20:57 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF71D.tmp
2016-01-08 21:00 - 2016-01-08 20:57 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF71E.tmp
2016-01-08 21:00 - 2016-01-08 20:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF6E9.tmp
2016-01-08 21:00 - 2016-01-08 20:57 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF71B.tmp
2016-01-08 21:00 - 2016-01-08 20:57 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF6EA.tmp
2016-01-08 20:58 - 2016-01-09 11:06 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-08 20:58 - 2016-01-08 20:58 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-01-08 20:58 - 2016-01-08 20:58 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-01-08 20:58 - 2016-01-08 20:58 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\AVAST Software
2016-01-08 20:58 - 2016-01-08 20:57 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1452279516093
2016-01-08 20:58 - 2016-01-08 20:57 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.1452279516093
2016-01-08 20:58 - 2016-01-08 20:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-01-08 20:57 - 2016-01-08 20:57 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-08 20:56 - 2016-01-09 11:06 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-08 20:56 - 2016-01-09 11:06 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-08 20:56 - 2016-01-08 20:56 - 05066096 _____ (AVAST Software) C:\Users\Vesa\Desktop\avast_free_antivirus_setup_online.exe
2016-01-07 12:14 - 2016-01-07 12:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-01-06 11:56 - 2016-01-06 11:56 - 00134363 _____ C:\Users\Vesa\Desktop\Lasku.pdf
2016-01-06 10:54 - 2016-01-06 10:54 - 00014543 _____ C:\Users\Vesa\Desktop\Boarding pass for VANHAELEWYN - ANNABELLE - 64R2B6.pdf
2016-01-06 10:48 - 2016-01-06 10:48 - 00000000 ____D C:\ProgramData\Brother
2016-01-06 10:47 - 2016-01-06 10:47 - 00350916 _____ C:\Users\Vesa\Desktop\tickets.pdf
2016-01-04 19:51 - 2016-01-04 19:51 - 00058519 _____ C:\Users\Vesa\Desktop\Huopalahti.pdf
2016-01-04 19:50 - 2016-01-04 19:50 - 00059067 _____ C:\Users\Vesa\Desktop\Hki-Kr_ma-pe,0.pdf
2016-01-04 19:49 - 2016-01-04 19:49 - 00059308 _____ C:\Users\Vesa\Desktop\Hki-Hpl-Len_ma-pe.pdf
2015-12-31 08:33 - 2015-12-31 15:41 - 00000000 ____D C:\Users\Vesa\AppData\Local\Spotify
2015-12-31 08:33 - 2015-12-31 08:33 - 00001847 _____ C:\Users\Vesa\Desktop\Spotify.lnk
2015-12-31 08:33 - 2015-12-31 08:33 - 00001833 _____ C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-12-31 08:33 - 2015-12-31 08:33 - 00000000 ____D C:\Users\Vesa\AppData\Local\CEF
2015-12-31 08:32 - 2015-12-31 15:41 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Spotify
2015-12-31 08:32 - 2015-12-31 08:32 - 00234712 _____ (Spotify Ltd) C:\Users\Vesa\Desktop\SpotifySetup.exe
2015-12-26 16:28 - 2015-12-26 16:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-26 13:43 - 2015-12-26 13:47 - 00000000 ____D C:\Users\Vesa\Documents\Freemake
2015-12-26 13:43 - 2015-12-26 13:47 - 00000000 ____D C:\ProgramData\Freemake
2015-12-26 13:43 - 2015-12-26 13:43 - 00001395 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2015-12-26 13:43 - 2015-12-26 13:43 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-12-26 13:43 - 2015-12-26 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-12-26 13:42 - 2015-12-26 13:43 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-12-26 12:29 - 2015-12-26 12:57 - 01267984 _____ (Ellora Assets Corporation ) C:\Users\Vesa\Desktop\FreemakeAudioConverterSetup.exe
2015-12-25 12:20 - 2015-12-25 12:20 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Macromedia
2015-12-22 16:46 - 2015-12-22 16:47 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\.ACEStream
2015-12-22 16:46 - 2015-12-22 16:46 - 00002025 _____ C:\Users\Vesa\Desktop\Ace Player.lnk
2015-12-22 16:46 - 2015-12-22 16:46 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-12-22 16:45 - 2015-12-22 20:59 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\ACEStream
2015-12-22 16:44 - 2015-12-22 16:44 - 00001062 _____ C:\Users\Vesa\Desktop\SopCast.lnk
2015-12-22 16:44 - 2015-12-22 16:44 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
2015-12-22 16:44 - 2015-12-22 16:44 - 00000000 ____D C:\Program Files (x86)\SopCast
2015-12-22 16:43 - 2015-12-22 16:43 - 00000000 ____D C:\Users\Vesa\Desktop\SopCast
2015-12-22 16:40 - 2015-12-22 16:40 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\MyHeritage
2015-12-22 16:40 - 2015-12-22 16:40 - 00000000 ____D C:\ProgramData\MyHeritage
2015-12-22 16:39 - 2015-12-22 16:39 - 00001196 _____ C:\Users\Vesa\Desktop\MyHeritage Family Tree Builder.lnk
2015-12-22 16:39 - 2015-12-22 16:39 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\The Complete Genealogy Reporter - FTB
2015-12-22 16:39 - 2015-12-22 16:39 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2015-12-22 16:39 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) C:\WINDOWS\SysWOW64\HexUniRTFBox.ocx
2015-12-22 16:39 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) C:\WINDOWS\SysWOW64\PDFDocScout.DLL
2015-12-22 16:39 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2015-12-22 16:39 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ijl15.dll
2015-12-22 16:39 - 2002-03-07 01:19 - 00454656 _____ () C:\WINDOWS\SysWOW64\PaintX.dll
2015-12-22 16:39 - 2000-05-22 17:58 - 00608448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2015-12-22 16:39 - 2000-03-14 00:00 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-12-22 16:39 - 1998-06-24 01:00 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmapi32.ocx
2015-12-22 16:38 - 2015-12-22 16:39 - 00000000 ____D C:\Program Files (x86)\MyHeritage
2015-12-22 16:12 - 2015-12-22 16:12 - 00001276 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2015-12-22 16:12 - 2015-12-22 16:12 - 00000000 ____D C:\Users\Vesa\AppData\Local\eLicenser
2015-12-22 16:11 - 2015-12-22 16:11 - 34908920 _____ (Steinberg Media Technologies GmbH) C:\Users\Vesa\Downloads\eLicenserControlSetup.exe
2015-12-22 16:11 - 2015-12-22 16:11 - 00000000 ____D C:\Program Files\eLicenser
2015-12-22 15:45 - 2015-12-09 05:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-22 15:43 - 2015-12-22 15:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-22 15:43 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-22 15:23 - 2015-12-22 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2015-12-22 15:23 - 2015-12-22 15:23 - 00000000 ____D C:\Program Files\BOINC
2015-12-22 15:22 - 2015-12-22 15:22 - 00001151 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-12-22 15:22 - 2015-12-22 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-12-22 15:22 - 2015-12-22 15:22 - 00000000 ____D C:\Program Files\Oracle
2015-12-22 15:22 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-12-22 15:22 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-12-22 15:17 - 2015-12-22 15:21 - 95731376 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Vesa\Downloads\boinc_7.6.9_windows_x86_64_vbox.exe
2015-12-22 15:02 - 2015-12-22 15:02 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\NVIDIA
2015-12-22 15:02 - 2015-12-22 15:02 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\BOINC
2015-12-22 15:01 - 2016-01-09 10:41 - 00000000 ____D C:\ProgramData\BOINC
2015-12-22 15:01 - 2015-12-22 15:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-22 15:00 - 2015-12-22 15:00 - 00001034 _____ C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2015-12-22 15:00 - 2015-12-22 15:00 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2015-12-22 15:00 - 2015-12-22 15:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-12-22 14:47 - 2015-12-22 15:00 - 92394400 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Vesa\Downloads\boinc_7.6.9_windows_intelx86_vbox.exe
2015-12-22 14:43 - 2015-12-22 14:46 - 136444607 _____ C:\Users\Vesa\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_fi.exe
2015-12-22 14:09 - 2015-12-22 14:09 - 00597304 _____ C:\Users\Vesa\Downloads\flux-setup.exe
2015-12-22 14:09 - 2015-12-22 14:09 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-12-22 14:09 - 2015-12-22 14:09 - 00000000 ____D C:\Users\Vesa\AppData\Local\FluxSoftware
2015-12-22 13:51 - 2016-01-09 10:56 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-22 13:51 - 2016-01-09 09:08 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-22 13:51 - 2015-12-22 13:51 - 00004084 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-22 13:51 - 2015-12-22 13:51 - 00003852 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-22 13:51 - 2015-12-22 13:51 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-22 13:51 - 2015-12-22 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-22 13:50 - 2015-12-22 14:28 - 00000000 ____D C:\Users\Vesa\AppData\Local\Google
2015-12-22 13:50 - 2015-12-22 13:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-22 13:50 - 2015-12-22 13:50 - 00927824 _____ (Google Inc.) C:\Users\Vesa\Downloads\ChromeSetup (1).exe
2015-12-22 13:45 - 2015-12-22 13:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-12-22 13:44 - 2015-12-22 13:49 - 00000000 ____D C:\Users\Vesa\AppData\Local\MicrosoftEdge
2015-12-22 13:41 - 2015-12-22 13:41 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 __HDC C:\ProgramData\{E6BD42D3-E8A6-4469-B72F-B5256066F41F}
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lexicon
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexicon
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\Program Files\Lexicon
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\Program Files (x86)\Lexicon
2015-12-22 13:34 - 2015-12-22 13:34 - 00000000 ____D C:\ProgramData\Steinberg
2015-12-22 13:33 - 2015-12-22 13:33 - 00002246 _____ C:\Users\Vesa\Desktop\Cubase LE 5.lnk
2015-12-22 13:33 - 2015-12-22 13:33 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Steinberg
2015-12-22 13:33 - 2015-12-22 13:33 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE 5
2015-12-22 13:33 - 2015-12-22 13:33 - 00000000 ____D C:\Program Files (x86)\Steinberg
2015-12-22 13:32 - 2015-12-22 13:32 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2015-12-22 13:32 - 2015-12-22 13:32 - 00000000 ____D C:\ProgramData\Syncrosoft
2015-12-22 13:27 - 2015-12-22 16:11 - 00000049 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2015-12-22 13:27 - 2015-12-22 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-12-22 13:27 - 2015-12-22 16:11 - 00000000 ____D C:\Program Files (x86)\eLicenser
2015-12-22 13:27 - 2015-12-22 13:32 - 00000000 ____D C:\ProgramData\eLicenser
2015-12-22 13:27 - 2015-12-22 13:27 - 00000000 ____D C:\Program Files (x86)\Syncrosoft
2015-12-22 13:27 - 2012-12-07 17:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll
2015-12-22 13:27 - 2012-12-07 17:48 - 01277952 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2015-12-22 13:27 - 2011-12-14 21:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2015-12-22 13:27 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\system32\SYNSOACC-Help.chm
2015-12-22 13:18 - 2015-12-22 13:18 - 00002386 _____ C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-22 13:18 - 2015-12-22 13:18 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-22 13:17 - 2015-12-22 13:17 - 00000000 ____D C:\Users\Vesa\AppData\Local\Comms
2015-12-22 13:17 - 2015-12-22 13:17 - 00000000 ____D C:\Users\Vesa\AppData\Local\ActiveSync
2015-12-22 13:16 - 2015-12-22 13:16 - 00000000 ____D C:\Users\Vesa\AppData\Local\Publishers
2015-12-22 13:15 - 2015-12-22 13:51 - 00000000 ____D C:\Users\Vesa\AppData\Local\Packages
2015-12-22 13:15 - 2015-12-22 13:15 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-22 13:15 - 2015-12-22 13:15 - 00000020 ___SH C:\Users\Vesa\ntuser.ini
2015-12-22 13:15 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Adobe
2015-12-22 13:15 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa\AppData\Local\VirtualStore
2015-12-22 13:15 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa\AppData\Local\TileDataLayer
2015-12-22 13:10 - 2016-01-08 14:47 - 01383594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Verkkoympäristö
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Tulostinympäristö
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Omat tiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Mallit
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Käynnistä-valikko
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Documents\Omat videotiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Documents\Omat musiikkitiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Documents\Omat kuvatiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\Documents\Omat videotiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\Documents\Omat musiikkitiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\Documents\Omat kuvatiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\All Users
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Työpöytä
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Tiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Mallit
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Käynnistä-valikko
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Program Files\Common Files\Järjestelmä
2015-12-22 13:07 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa
2015-12-22 13:07 - 2015-12-22 13:08 - 00000000 ____D C:\Users\UpdatusUser
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Verkkoympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Tulostinympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Omat tiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Mallit
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Käynnistä-valikko
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Documents\Omat videotiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Documents\Omat musiikkitiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Documents\Omat kuvatiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Verkkoympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Tulostinympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Omat tiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Mallit
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Käynnistä-valikko
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Omat videotiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Omat musiikkitiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Omat kuvatiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\WINDOWS\system32\NV
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-22 13:00 - 2015-07-13 19:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-22 13:00 - 2015-07-13 19:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-22 13:00 - 2015-07-13 18:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-22 12:59 - 2015-12-22 13:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\ProgramData\USOShared
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\Program Files\VIA
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\Program Files\Intel
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-22 12:59 - 2015-10-14 12:20 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-22 12:59 - 2015-10-14 12:20 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-22 12:56 - 2015-10-30 09:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-22 12:54 - 2016-01-08 11:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-22 12:53 - 2015-12-22 16:25 - 00215232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-22 12:53 - 2015-12-22 12:53 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-22 12:51 - 2015-12-25 10:58 - 00000000 ____D C:\Windows.old
2015-12-22 12:51 - 2015-12-22 13:10 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-22 12:51 - 2015-12-22 12:51 - 00000000 ____D C:\WINDOWS\InfusedApps
2015-12-22 12:47 - 2015-12-22 12:47 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-22 12:46 - 2015-12-22 12:46 - 00000000 ____D C:\Program Files\Elantech
2015-12-22 12:45 - 2015-12-22 12:45 - 00000000 ____D C:\WINDOWS\Setup
2015-12-22 12:44 - 2016-01-08 14:47 - 00436440 _____ C:\WINDOWS\system32\perfh00B.dat
2015-12-22 12:44 - 2016-01-08 14:47 - 00081592 _____ C:\WINDOWS\system32\perfc00B.dat
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\OCR
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files\MSBuild
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-22 12:44 - 2015-12-22 12:43 - 00287002 _____ C:\WINDOWS\system32\perfi00B.dat
2015-12-22 12:44 - 2015-12-22 12:43 - 00040770 _____ C:\WINDOWS\system32\perfd00B.dat
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\fi
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\fi
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\0409
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-12-22 12:40 - 2016-01-03 03:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-22 12:40 - 2016-01-03 03:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-22 12:39 - 2016-01-09 11:10 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-22 12:39 - 2016-01-09 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 12:39 - 2015-12-27 11:19 - 00000000 ____D C:\WINDOWS\rescache
2015-12-22 12:39 - 2015-12-23 09:34 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-22 12:39 - 2015-12-22 14:46 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 12:39 - 2015-12-22 13:33 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-22 12:39 - 2015-12-22 13:15 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-22 12:39 - 2015-12-22 13:15 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-22 12:39 - 2015-12-22 13:10 - 00000000 ____D C:\Program Files\Windows NT
2015-12-22 12:39 - 2015-12-22 13:09 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-22 12:39 - 2015-12-22 13:08 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-22 12:39 - 2015-12-22 13:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-22 12:39 - 2015-12-22 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-22 12:39 - 2015-12-22 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-22 12:39 - 2015-12-22 13:00 - 00000000 ____D C:\WINDOWS\Help
2015-12-22 12:39 - 2015-12-22 12:51 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-22 12:39 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-22 12:39 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\setup
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\Com
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\IME
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 __RSD C:\WINDOWS\Media
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Vss
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Web
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\tracing
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\TAPI
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SystemResources
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SystemApps
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\ras
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\ias
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\System
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SKB
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\security
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\schemas
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SchCache
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Resources
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Registration
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\PLA
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Performance
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\ModemLogs
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Globalization
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Cursors
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Branding
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\addins
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\ProgramData\Comms
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Services
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-12-22 12:39 - 2015-12-22 12:36 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-12-22 12:39 - 2015-12-22 12:36 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-12-22 12:39 - 2015-12-22 12:36 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-12-22 12:39 - 2015-12-22 12:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-12-22 12:39 - 2015-12-22 12:36 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-12-22 12:39 - 2015-12-22 12:36 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-12-22 12:39 - 2015-12-22 12:36 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-12-22 12:39 - 2015-12-22 12:36 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-12-22 12:39 - 2015-12-22 12:36 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-12-22 12:39 - 2015-12-22 12:36 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-12-22 12:39 - 2015-12-22 12:36 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-12-22 12:39 - 2015-12-22 12:36 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-12-22 12:39 - 2015-12-22 12:36 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2015-12-22 12:39 - 2015-12-22 12:36 - 00000219 _____ C:\WINDOWS\system.ini
2015-12-22 12:39 - 2015-12-22 12:36 - 00000092 _____ C:\WINDOWS\win.ini
2015-12-22 12:37 - 2016-01-09 11:07 - 00000000 ____D C:\WINDOWS\INF
2015-12-22 12:31 - 2016-01-05 21:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-22 12:25 - 2015-10-30 08:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-12-22 12:24 - 2016-01-08 11:22 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-22 12:24 - 2015-12-22 12:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 12:24 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\servicing
2015-12-22 12:24 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-12-21 17:35 - 2015-12-07 06:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-21 17:35 - 2015-12-07 05:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-21 17:35 - 2015-12-07 05:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-21 17:35 - 2015-11-24 09:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-21 17:35 - 2015-11-24 09:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-21 17:35 - 2015-11-24 09:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-21 17:35 - 2015-11-24 09:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-21 17:35 - 2015-11-22 11:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-21 17:34 - 2015-12-07 06:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-21 17:34 - 2015-12-07 06:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-21 17:34 - 2015-12-07 06:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-21 17:34 - 2015-12-07 06:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-21 17:34 - 2015-12-07 06:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-21 17:34 - 2015-12-07 06:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-21 17:34 - 2015-12-07 06:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-21 17:34 - 2015-12-07 06:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-21 17:34 - 2015-12-07 06:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-21 17:34 - 2015-12-07 06:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-21 17:34 - 2015-12-07 06:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-21 17:34 - 2015-12-07 06:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-21 17:34 - 2015-12-07 06:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-21 17:34 - 2015-12-07 06:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-21 17:34 - 2015-12-07 06:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-21 17:34 - 2015-12-07 06:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-21 17:34 - 2015-12-07 06:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-21 17:34 - 2015-12-07 06:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-21 17:34 - 2015-12-07 06:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-21 17:34 - 2015-12-07 06:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-21 17:34 - 2015-12-07 06:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-21 17:34 - 2015-12-07 06:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-21 17:34 - 2015-12-07 06:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-21 17:34 - 2015-12-07 06:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-21 17:34 - 2015-12-07 06:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-21 17:34 - 2015-12-07 06:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-21 17:34 - 2015-12-07 06:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-21 17:34 - 2015-12-07 06:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-21 17:34 - 2015-12-07 05:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-21 17:34 - 2015-12-07 05:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-21 17:34 - 2015-12-07 05:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-21 17:34 - 2015-12-07 05:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-21 17:34 - 2015-12-07 05:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-21 17:34 - 2015-12-07 05:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 05:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-21 17:34 - 2015-12-07 05:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-21 17:34 - 2015-12-07 05:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-21 17:34 - 2015-12-07 05:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-21 17:34 - 2015-12-07 05:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 05:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-21 17:34 - 2015-12-07 05:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-21 17:34 - 2015-12-07 05:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-21 17:34 - 2015-12-07 05:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-21 17:34 - 2015-12-07 05:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-21 17:34 - 2015-12-07 05:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-21 17:34 - 2015-12-07 05:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-21 17:34 - 2015-12-07 05:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-21 17:34 - 2015-12-07 05:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-21 17:34 - 2015-12-07 05:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-21 17:34 - 2015-12-07 05:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-21 17:34 - 2015-12-07 05:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-21 17:34 - 2015-12-07 05:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-21 17:34 - 2015-12-07 05:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-21 17:34 - 2015-12-07 05:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-21 17:34 - 2015-12-07 05:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-21 17:34 - 2015-12-07 05:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-21 17:34 - 2015-12-07 05:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-21 17:34 - 2015-12-07 05:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-21 17:34 - 2015-12-07 05:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-21 17:34 - 2015-12-01 09:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-21 17:34 - 2015-11-24 14:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-21 17:34 - 2015-11-24 13:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-21 17:34 - 2015-11-24 12:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-21 17:34 - 2015-11-24 12:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-21 17:34 - 2015-11-24 11:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-21 17:34 - 2015-11-24 11:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-21 17:34 - 2015-11-24 11:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-21 17:34 - 2015-11-24 11:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-21 17:34 - 2015-11-24 11:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-21 17:34 - 2015-11-24 11:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-21 17:34 - 2015-11-24 11:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-21 17:34 - 2015-11-24 10:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-21 17:34 - 2015-11-24 10:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-21 17:34 - 2015-11-24 10:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-21 17:34 - 2015-11-24 10:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-21 17:34 - 2015-11-24 10:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-21 17:34 - 2015-11-24 10:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-21 17:34 - 2015-11-24 10:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-21 17:34 - 2015-11-24 09:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-21 17:34 - 2015-11-24 09:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-21 17:34 - 2015-11-24 09:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-21 17:34 - 2015-11-24 09:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-21 17:34 - 2015-11-22 12:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-21 17:34 - 2015-11-22 12:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-21 17:34 - 2015-11-22 12:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-21 17:34 - 2015-11-22 12:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-21 17:34 - 2015-11-22 12:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-21 17:34 - 2015-11-22 12:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-21 17:34 - 2015-11-22 12:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-21 17:34 - 2015-11-22 12:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-21 17:34 - 2015-11-22 12:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-21 17:34 - 2015-11-22 12:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-21 17:34 - 2015-11-22 12:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-21 17:34 - 2015-11-22 12:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-21 17:34 - 2015-11-22 12:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-21 17:34 - 2015-11-22 12:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-21 17:34 - 2015-11-22 12:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-21 17:34 - 2015-11-22 12:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-21 17:34 - 2015-11-22 12:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-21 17:34 - 2015-11-22 12:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-21 17:34 - 2015-11-22 12:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-21 17:34 - 2015-11-22 11:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-21 17:34 - 2015-11-22 11:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-21 17:34 - 2015-11-22 11:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-21 17:34 - 2015-11-22 11:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-21 17:34 - 2015-11-22 11:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-21 17:34 - 2015-11-22 11:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-21 17:34 - 2015-11-22 11:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-21 17:34 - 2015-11-22 11:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-21 17:34 - 2015-11-22 11:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-21 17:34 - 2015-11-22 11:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-21 17:34 - 2015-11-22 11:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-21 17:34 - 2015-11-22 11:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-21 17:34 - 2015-11-22 11:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-21 17:34 - 2015-11-22 11:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-21 17:34 - 2015-11-22 11:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-21 17:34 - 2015-11-22 11:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-21 17:34 - 2015-11-22 11:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-21 17:34 - 2015-11-22 11:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-21 17:34 - 2015-11-22 11:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-21 17:34 - 2015-11-22 11:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-21 17:34 - 2015-11-22 11:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-21 17:34 - 2015-11-22 11:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-21 17:34 - 2015-11-22 11:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-21 17:34 - 2015-11-22 11:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-21 17:34 - 2015-11-22 11:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-21 17:34 - 2015-11-22 11:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-21 17:34 - 2015-11-22 11:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-21 17:34 - 2015-11-22 11:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-21 17:34 - 2015-11-22 11:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-21 17:34 - 2015-11-22 11:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-21 17:34 - 2015-11-22 11:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-21 17:34 - 2015-11-22 11:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-21 17:34 - 2015-11-22 11:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-21 17:34 - 2015-11-22 11:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-21 17:34 - 2015-11-22 11:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-21 17:34 - 2015-11-22 11:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-21 17:34 - 2015-11-22 11:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-21 17:34 - 2015-11-22 11:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-21 17:34 - 2015-11-21 08:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-21 17:34 - 2015-11-21 08:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-21 17:34 - 2015-11-21 07:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-21 17:34 - 2015-11-21 07:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-21 17:34 - 2015-11-21 07:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-21 13:09 - 2015-12-21 13:09 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-21 13:09 - 2015-12-21 13:09 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-21 13:09 - 2015-12-21 13:09 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-21 13:09 - 2015-12-21 13:09 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-21 13:09 - 2015-12-21 13:09 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-21 13:04 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-21 13:04 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-21 13:04 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-21 13:04 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-21 13:04 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-21 13:04 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 09:08 - 2015-10-14 12:18 - 00000000 __SHD C:\Users\Vesa\IntelGraphicsProfiles
2016-01-09 09:08 - 2015-07-14 08:30 - 00000000 ___RD C:\Users\Vesa\OneDrive
2016-01-05 10:28 - 2015-11-28 15:55 - 00000000 ____D C:\Users\Vesa\Documents\MyHeritage
2015-12-22 16:28 - 2015-07-06 13:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-22 13:23 - 2015-08-02 23:44 - 00000000 ___HD C:\$SysReset
2015-12-22 12:17 - 2015-11-26 16:11 - 00000000 ____D C:\Users\Vesa\.VirtualBox

Some files in TEMP:
====================
C:\Users\Vesa\AppData\Local\Temp\FreemakeAudioConverterFull.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-08 16:30

==================== End of FRST.txt ============================
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Malware after ending Avast license

Unread postby Firefly » January 9th, 2016, 10:21 am

ADDITION.TXT LOG FOR VIEWING


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Vesa (2016-01-09 11:11:54)
Running from C:\Users\Vesa\Desktop
Windows 10 Home (X64) (2015-12-22 11:10:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

DefaultAccount (S-1-5-21-3322993352-708763500-3136390609-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3322993352-708763500-3136390609-1006 - Limited - Enabled)
Järjestelmänvalvoja (S-1-5-21-3322993352-708763500-3136390609-500 - Administrator - Disabled)
UpdatusUser (S-1-5-21-3322993352-708763500-3136390609-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Vesa (S-1-5-21-3322993352-708763500-3136390609-1002 - Administrator - Enabled) => C:\Users\Vesa
Vieras (S-1-5-21-3322993352-708763500-3136390609-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace Stream Media 3.0.12 (HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION
Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
BOINC (HKLM\...\{085CC3D7-09D0-4488-BAD2-A57E909EE1EC}) (Version: 7.6.9 - Space Sciences Laboratory, U.C. Berkeley)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1182 - Steinberg Media Technologies GmbH)
f.lux (HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Flux) (Version: - )
Freemake Audio Converter version 1.1.7 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.7 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Lexicon Alpha Driver (HKLM-x32\...\Lexicon Alpha Driver) (Version: - Lexicon)
Lexicon Alpha Driver (Version: 2.6 - Lexicon) Hidden
Lexicon Pantheon VST Plug-in (remove only) (HKLM-x32\...\LexiconStudio) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
OpenOffice 4.1.0 (HKLM-x32\...\{0F524843-3FEE-4FF7-BBE1-D718319D92F4}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Popcorn Time (HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Popcorn Time) (Version: - Popcorn Official)
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
Spotify (HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3322993352-708763500-3136390609-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Vesa\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3322993352-708763500-3136390609-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {71203B43-8870-4080-A768-51020F91BE66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {75AAD5AD-3B56-4C28-A8AA-9667BD4B32FA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {97C6B3E3-83C1-4A55-917F-52308B947B43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {AA8A5A78-2FF3-4BFD-AB84-81DF523721E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-08] (AVAST Software)
Task: {D2A6536C-EA25-46EA-A585-DACD69DF1CC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {D2E6DE16-3302-4CC5-9FA3-7C21DF924348} - System32\Tasks\SafeZone scheduled Autoupdate 1452330455 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-07-13 19:45 - 2015-07-13 19:45 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-21 17:34 - 2015-11-22 12:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-21 17:34 - 2015-11-22 12:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-21 17:34 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-21 17:35 - 2015-12-07 05:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-21 17:34 - 2015-12-07 05:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-21 17:34 - 2015-12-07 05:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-21 17:34 - 2015-12-07 05:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-10-01 18:37 - 2015-12-18 16:07 - 00027000 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe
2015-12-26 13:43 - 2015-12-23 15:22 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2015-12-23 09:44 - 2015-12-23 09:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-22 15:14 - 2015-12-22 15:14 - 01690624 _____ () C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_1.54_windows_x86_64__mt.exe
2016-01-08 20:57 - 2016-01-08 20:57 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-08 20:58 - 2016-01-08 20:58 - 02990080 _____ () C:\Program Files\AVAST Software\Avast\defs\15110499\algo.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-01-09 01:01 - 2016-01-09 01:01 - 02821120 _____ () C:\Program Files\AVAST Software\Avast\defs\16010801\algo.dll
2015-12-22 13:51 - 2015-12-11 05:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-22 13:51 - 2015-12-11 05:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-07-13 19:45 - 2015-07-13 19:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2016-01-08 20:57 - 2016-01-08 20:57 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-23 09:44 - 2015-12-23 09:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-23 09:44 - 2015-12-23 09:44 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-25 21:51 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 00984576 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-12-22 12:39 - 2015-12-22 12:36 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Vesa\Desktop\thaimed.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58050EBE-DF07-4F6F-A104-7B5D23DB8A07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0CF960BA-14C1-450F-B5CC-33D6AB9F04EE}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{244CE049-C63E-41DB-8894-AADED711CCAA}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{287D243F-8D93-4FE3-BFCF-3C5422811390}] => (Block) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{A4E3FC11-10F4-4CE1-81C7-8BD50BF122E8}] => (Block) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{04D26DAA-DD52-4130-AB9B-F3C9CC37814C}C:\users\vesa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{49982E40-BB0A-4305-BC11-4D58A1F3426F}C:\users\vesa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6B2DD1C5-A23F-41D4-A9A3-2522FC73B0C3}] => (Block) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{05C13E01-D53F-4435-82A2-D3E725BE9702}] => (Block) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{927A9F3D-B1EB-42E1-B6CD-72164E823D22}C:\users\vesa\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vesa\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{C160BF1D-D105-44D5-AE45-E3E36A8F13CA}C:\users\vesa\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vesa\appdata\local\popcorn time\nw.exe
FirewallRules: [{BD49A0A1-B308-4E4A-BA57-EB10EB8111E2}] => (Block) C:\users\vesa\appdata\local\popcorn time\nw.exe
FirewallRules: [{68B6F90F-661B-4E26-9D97-E610CDC40A09}] => (Block) C:\users\vesa\appdata\local\popcorn time\nw.exe

==================== Restore Points =========================

22-12-2015 13:32:16 Installed Steinberg Cubase LE 5
29-12-2015 18:09:35 Windowsin moduulien asennusohjelma
05-01-2016 21:39:06 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2016 04:32:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/07/2016 10:06:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Photos_8wekyb3d8bbwe!App aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/06/2016 10:24:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Photos_8wekyb3d8bbwe!App aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/06/2016 10:24:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Photos_8wekyb3d8bbwe!App aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/05/2016 09:39:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoftin linkkikerroksen etsintäprotokolla.

System Error:
Käyttö estetty.
.

Error: (01/05/2016 10:28:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Viallisen sovelluksen nimi: ShellExperienceHost.exe, versio: 10.0.10586.35, aikaleima: 0x566505bc
Viallisen moduulin nimi: QuickActions.dll, versio: 0.0.0.0, aikaleima: 0x56650458
Poikkeuskoodi: 0xc0000005
Virhepoikkeama: 0x0000000000001931
Viallisen prosessin tunnus: 0xc1c
Viallisen sovelluksen käynnistysaika: 0xShellExperienceHost.exe0
Viallisen sovelluksen polku: ShellExperienceHost.exe1
Viallisen moduulin polku: ShellExperienceHost.exe2
Raportin tunnus: ShellExperienceHost.exe3
Viallisen paketin koko nimi: ShellExperienceHost.exe4
Viallisen paketin suhteellinen sovellustunnus: ShellExperienceHost.exe5

Error: (01/04/2016 02:44:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Viallisen sovelluksen nimi: winsat.exe, versio: 10.0.10586.0, aikaleima: 0x5632d4bb
Viallisen moduulin nimi: igdumdim64.dll_unloaded, versio: 10.18.10.4276, aikaleima: 0x55d1ff23
Poikkeuskoodi: 0xc0000005
Virhepoikkeama: 0x0000000000021260
Viallisen prosessin tunnus: 0x574
Viallisen sovelluksen käynnistysaika: 0xwinsat.exe0
Viallisen sovelluksen polku: winsat.exe1
Viallisen moduulin polku: winsat.exe2
Raportin tunnus: winsat.exe3
Viallisen paketin koko nimi: winsat.exe4
Viallisen paketin suhteellinen sovellustunnus: winsat.exe5

Error: (01/04/2016 02:36:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/04/2016 02:36:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/04/2016 10:08:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.


System errors:
=============
Error: (01/09/2016 11:07:43 AM) (Source: DCOM) (EventID: 10016) (User: VESKUNKONE)
Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}VeskunkoneVesaS-1-5-21-3322993352-708763500-3136390609-1002LocalHost (LRPC käytössä)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/09/2016 11:07:43 AM) (Source: DCOM) (EventID: 10016) (User: VESKUNKONE)
Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}VeskunkoneVesaS-1-5-21-3322993352-708763500-3136390609-1002LocalHost (LRPC käytössä)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/09/2016 10:05:45 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (01/09/2016 01:33:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietojen käyttöoikeudet_1f8f4e on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/09/2016 01:33:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietosäilö_1f8f4e on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/09/2016 01:33:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Yhteystiedot_1f8f4e on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/09/2016 01:33:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Synkronoi isäntä_1f8f4e on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/09/2016 01:33:40 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (01/09/2016 01:33:12 AM) (Source: DCOM) (EventID: 10016) (User: VESKUNKONE)
Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}VeskunkoneVesaS-1-5-21-3322993352-708763500-3136390609-1002LocalHost (LRPC käytössä)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/08/2016 08:02:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä


CodeIntegrity:
===================================
Date: 2016-01-06 21:14:24.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 10:27:52.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 08:00:30.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-29 18:14:00.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-23 09:34:49.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 16:26:59.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 15:45:29.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 15:22:40.777
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 13:33:04.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 12:58:02.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 8077.57 MB
Available physical RAM: 5265.43 MB
Total Virtual: 9357.57 MB
Available Virtual: 6360.31 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:147.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:210.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 253E1A55)

Partition: GPT.

==================== End of Addition.txt ============================
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Malware after ending Avast license

Unread postby humanerror » January 9th, 2016, 10:51 am

Ok, thanks. I have made backups, a restore point and downloaded the backup program and run it.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby Firefly » January 10th, 2016, 12:36 pm

Humanerror -

Step 1 - Unwanted Programs & Peer to Peer

IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer. You are currently using some streaming software which uses a Peer to Peer protocol to stream content. This protocol is an open invitation to infect your computer. In addition, Popcorn Time is actually illegal at this time.


Ace Stream Media 3.0.12
Popcorn Time


As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assitance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.


Otherwise, please perform the following steps to remove the P2P program as well as some other unneeded or unwanted programs:

Remove P2P and other Program(s)
1. Close all open programs
2. In the Cortana box, please type in "programs", and then select "remove programs".
3. Locate the following programs:
Ace Stream Media 3.0.12
Popcorn Time

4. Click on the Uninstall button located next to uninstall each program.
Repeat for each program listed.
5. When the program(s) have been uninstalled... Close Programs and Features. Close Control Panel.


By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware


Step 2 - AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished click on Report.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well (it could be another number besides [R1] such as [R0]).

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND


Next Steps

1. Confirm the removal of the above-listed programs
2. Post the adwCleaner log.
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Malware after ending Avast license

Unread postby humanerror » January 10th, 2016, 2:22 pm

the listed programs removed.


# AdwCleaner v5.028 - Logfile created 10/01/2016 at 20:13:27
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Vesa - VESKUNKONE
# Running from : C:\Users\Vesa\Desktop\adwcleaner_5.028.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\_acestream_cache_
[-] Folder Deleted : C:\Users\Vesa\AppData\LocalLow\.acestream
[-] Folder Deleted : C:\Users\Vesa\AppData\Roaming\acestream
[-] Folder Deleted : C:\Users\Vesa\AppData\Roaming\.acestream

***** [ Files ] *****

[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acestream
[-] Key Deleted : HKCU\SOFTWARE\Classes\acestream
[-] Key Deleted : HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Key Deleted : HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2380 bytes] ##########
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby humanerror » January 10th, 2016, 2:42 pm

I didn't see "report" after scan. Unfortunately I missed your order notto attempt cleaning, so I clicked clean, rebooted and got the above log.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby humanerror » January 10th, 2016, 5:02 pm

After scan I saw "waiting for action. Please unchecked elements you want to keep. "
There was no log visible. This is when I clicked clean.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby Firefly » January 11th, 2016, 9:52 am

Humanerror -

Yes, I can see you chose the clean option. Luckily nothing was included that should not have been. Please ask me if you dont see a particular option. Next...


Step 1 - FRST fix

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    Createbackup:
    () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe
    HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [AceUpdater] => C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe [27000 2015-12-18] ()
    FF Plugin HKU\S-1-5-21-3322993352-708763500-3136390609-1002: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Vesa\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-09-24] (Innovative Digital Technologies)
    FF HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
    FF Extension: Ace Stream Web Extension - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
    CHR HomePage: Default -> hxxps://easywallet.org/w/U9S4G2iotEMLG4XQhAT6ny 
    CHR NewTab: Default -> "chrome-extension://nbfhhpdigbbhgijjhhnmionhamjpggio/newtab/newtab-hp.html"
    CHR Extension: (My Weather) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfhhpdigbbhgijjhhnmionhamjpggio [2016-01-07]
    CHR HKU\S-1-5-21-3322993352-708763500-3136390609-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\Vesa\AppData\Local\Popcorn-Time
    C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
    C:\Users\Vesa\AppData\Roaming\.ACEStream
    C:\Users\Vesa\Desktop\Ace Player.lnk
    C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
    C:\Users\Vesa\AppData\Roaming\ACEStream
    2014-10-01 18:37 - 2015-12-18 16:07 - 00027000 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe
    2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
    2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
    2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
    2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
    2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
    2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
    2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
    2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
    2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
    2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\select.pyd
    2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
    2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
    2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
    2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
    2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
    2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
    FirewallRules: [TCP Query User{0CF960BA-14C1-450F-B5CC-33D6AB9F04EE}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [UDP Query User{244CE049-C63E-41DB-8894-AADED711CCAA}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [{287D243F-8D93-4FE3-BFCF-3C5422811390}] => (Block) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [{A4E3FC11-10F4-4CE1-81C7-8BD50BF122E8}] => (Block) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [TCP Query User{927A9F3D-B1EB-42E1-B6CD-72164E823D22}C:\users\vesa\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vesa\appdata\local\popcorn time\nw.exe
    FirewallRules: [UDP Query User{C160BF1D-D105-44D5-AE45-E3E36A8F13CA}C:\users\vesa\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vesa\appdata\local\popcorn time\nw.exe
    FirewallRules: [{BD49A0A1-B308-4E4A-BA57-EB10EB8111E2}] => (Block) C:\users\vesa\appdata\local\popcorn time\nw.exe
    FirewallRules: [{68B6F90F-661B-4E26-9D97-E610CDC40A09}] => (Block) C:\users\vesa\appdata\local\popcorn time\nw.exe
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.


Step 2 - Revised FRST Scan

The computer should have rebooted after the previous step. If it did not, please reboot. Next, please locate the program FRST64 we downloaded earlier.

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • If needed, FRST will update itself with newer definitions.
  • When the tool opens click Yes to the disclaimer.
  • In addition to what is already checked, please place a check mark in the lower right hand box labeled “Addition.txt”
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • Please post the content of the Addition.txt in your next reply.


Step 3 - Show Hidden Files

Please enable the Show Hidden Files and Folders option, like this:
  1. Open File Explorer, and navigate to the "C:\" folder view.
  2. Select the View menu at the top, and then click Options on the right of the ribbon bar. A pop-up window with Folder Options will appear.
  3. Select the View Tab. Under the Hidden files and folders heading select ... "Show hidden files and folders".
  4. Uncheck the Hide extensions for known file types. option.
  5. Uncheck the Hide protected operating system files (recommended) option.
  6. Click Apply to set. Click OK.


Step 4 - File Scans

There are some files that I have not been able to find any information on in your logs. Therefore, I need to have the uploaded to be analyzed. We will use an online multi-antivirus scanner. Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_1.54_windows_x86_64__mt.exe

Using Virus Total
  1. Once on the website in your browser, press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When each scan is completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  7. Paste the Web address link(s) for the scan results in your next reply.


Next Steps

1. Post fixlog.txt
2. Post FRST.txt
3. Post Addition.txt
4. Post the weblink address for the file scan done in step 3.

** If these exceed the posting limits, please simply break up the message.

How is the computer behaving now? Are you still getting the pop-ups?
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Malware after ending Avast license

Unread postby humanerror » January 11th, 2016, 12:43 pm

Hi!

I don't see problems now in browsing with Chrome.


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Vesa (2016-01-11 18:20:34)
Running from C:\Users\Vesa\Desktop
Windows 10 Home (X64) (2015-12-22 11:10:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

DefaultAccount (S-1-5-21-3322993352-708763500-3136390609-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3322993352-708763500-3136390609-1006 - Limited - Enabled)
Järjestelmänvalvoja (S-1-5-21-3322993352-708763500-3136390609-500 - Administrator - Disabled)
UpdatusUser (S-1-5-21-3322993352-708763500-3136390609-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Vesa (S-1-5-21-3322993352-708763500-3136390609-1002 - Administrator - Enabled) => C:\Users\Vesa
Vieras (S-1-5-21-3322993352-708763500-3136390609-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
BOINC (HKLM\...\{085CC3D7-09D0-4488-BAD2-A57E909EE1EC}) (Version: 7.6.9 - Space Sciences Laboratory, U.C. Berkeley)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1182 - Steinberg Media Technologies GmbH)
f.lux (HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Flux) (Version: - )
Freemake Audio Converter version 1.1.7 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.7 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Lexicon Alpha Driver (HKLM-x32\...\Lexicon Alpha Driver) (Version: - Lexicon)
Lexicon Alpha Driver (Version: 2.6 - Lexicon) Hidden
Lexicon Pantheon VST Plug-in (remove only) (HKLM-x32\...\LexiconStudio) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
OpenOffice 4.1.0 (HKLM-x32\...\{0F524843-3FEE-4FF7-BBE1-D718319D92F4}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
Spotify (HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3322993352-708763500-3136390609-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Vesa\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3322993352-708763500-3136390609-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {71203B43-8870-4080-A768-51020F91BE66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {75AAD5AD-3B56-4C28-A8AA-9667BD4B32FA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {97C6B3E3-83C1-4A55-917F-52308B947B43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {AA8A5A78-2FF3-4BFD-AB84-81DF523721E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-08] (AVAST Software)
Task: {D016211A-5A24-44D7-9664-866F71FF4ADA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {D2E6DE16-3302-4CC5-9FA3-7C21DF924348} - System32\Tasks\SafeZone scheduled Autoupdate 1452330455 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-07-13 19:45 - 2015-07-13 19:45 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-21 17:34 - 2015-11-22 12:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-21 17:34 - 2015-11-22 12:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-23 09:44 - 2015-12-23 09:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-21 17:34 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-21 17:35 - 2015-12-07 05:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-21 17:34 - 2015-12-07 05:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-21 17:34 - 2015-12-07 05:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-21 17:34 - 2015-12-07 05:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-26 13:43 - 2015-12-23 15:22 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2015-12-22 21:41 - 2015-12-22 21:41 - 00601600 _____ () C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_separation_1.00_windows_x86_64.exe
2015-12-22 15:04 - 2015-12-22 15:04 - 00314880 _____ () C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
2016-01-08 20:57 - 2016-01-08 20:57 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-11 17:17 - 2016-01-11 17:17 - 02821120 _____ () C:\Program Files\AVAST Software\Avast\defs\16011100\algo.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-23 09:44 - 2015-12-23 09:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-07-13 19:45 - 2015-07-13 19:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-01-08 20:57 - 2016-01-08 20:57 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-05 22:04 - 2016-01-05 22:04 - 03673600 _____ () C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poemcl_2.21_windows_intelx86__opencl_nvidia_101
2015-07-13 19:45 - 2015-07-13 19:45 - 42730128 _____ () C:\WINDOWS\system32\nvcompiler.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-12-22 12:39 - 2016-01-11 18:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Vesa\Desktop\thaimed.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58050EBE-DF07-4F6F-A104-7B5D23DB8A07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{04D26DAA-DD52-4130-AB9B-F3C9CC37814C}C:\users\vesa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{49982E40-BB0A-4305-BC11-4D58A1F3426F}C:\users\vesa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6B2DD1C5-A23F-41D4-A9A3-2522FC73B0C3}] => (Block) C:\users\vesa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{05C13E01-D53F-4435-82A2-D3E725BE9702}] => (Block) C:\users\vesa\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

22-12-2015 13:32:16 Installed Steinberg Cubase LE 5
29-12-2015 18:09:35 Windowsin moduulien asennusohjelma
05-01-2016 21:39:06 Windows Update
09-01-2016 16:36:03 malawar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2016 03:48:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/10/2016 06:43:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/09/2016 04:36:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoftin linkkikerroksen etsintäprotokolla.

System Error:
Käyttö estetty.
.

Error: (01/08/2016 04:32:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/07/2016 10:06:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Photos_8wekyb3d8bbwe!App aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/06/2016 10:24:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Photos_8wekyb3d8bbwe!App aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/06/2016 10:24:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VESKUNKONE)
Description: Sovelluksen Microsoft.Windows.Photos_8wekyb3d8bbwe!App aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (01/05/2016 09:39:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoftin linkkikerroksen etsintäprotokolla.

System Error:
Käyttö estetty.
.

Error: (01/05/2016 10:28:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Viallisen sovelluksen nimi: ShellExperienceHost.exe, versio: 10.0.10586.35, aikaleima: 0x566505bc
Viallisen moduulin nimi: QuickActions.dll, versio: 0.0.0.0, aikaleima: 0x56650458
Poikkeuskoodi: 0xc0000005
Virhepoikkeama: 0x0000000000001931
Viallisen prosessin tunnus: 0xc1c
Viallisen sovelluksen käynnistysaika: 0xShellExperienceHost.exe0
Viallisen sovelluksen polku: ShellExperienceHost.exe1
Viallisen moduulin polku: ShellExperienceHost.exe2
Raportin tunnus: ShellExperienceHost.exe3
Viallisen paketin koko nimi: ShellExperienceHost.exe4
Viallisen paketin suhteellinen sovellustunnus: ShellExperienceHost.exe5

Error: (01/04/2016 02:44:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Viallisen sovelluksen nimi: winsat.exe, versio: 10.0.10586.0, aikaleima: 0x5632d4bb
Viallisen moduulin nimi: igdumdim64.dll_unloaded, versio: 10.18.10.4276, aikaleima: 0x55d1ff23
Poikkeuskoodi: 0xc0000005
Virhepoikkeama: 0x0000000000021260
Viallisen prosessin tunnus: 0x574
Viallisen sovelluksen käynnistysaika: 0xwinsat.exe0
Viallisen sovelluksen polku: winsat.exe1
Viallisen moduulin polku: winsat.exe2
Raportin tunnus: winsat.exe3
Viallisen paketin koko nimi: winsat.exe4
Viallisen paketin suhteellinen sovellustunnus: winsat.exe5


System errors:
=============
Error: (01/11/2016 06:13:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietojen käyttöoikeudet_5436e1 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/11/2016 06:13:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietosäilö_5436e1 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/11/2016 06:13:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Yhteystiedot_5436e1 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/11/2016 06:13:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Synkronoi isäntä_5436e1 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/11/2016 06:13:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (01/11/2016 03:48:10 PM) (Source: DCOM) (EventID: 10010) (User: VESKUNKONE)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (01/10/2016 11:02:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietojen käyttöoikeudet_3a5b2 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/10/2016 11:02:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietosäilö_3a5b2 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/10/2016 11:02:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Yhteystiedot_3a5b2 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (01/10/2016 11:02:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Synkronoi isäntä_3a5b2 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.


CodeIntegrity:
===================================
Date: 2016-01-06 21:14:24.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 10:27:52.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 08:00:30.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-29 18:14:00.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-23 09:34:49.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 16:26:59.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 15:45:29.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 15:22:40.777
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 13:33:04.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-22 12:58:02.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 18%
Total physical RAM: 8077.57 MB
Available physical RAM: 6564.8 MB
Total Virtual: 9357.57 MB
Available Virtual: 7796.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:149.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:210.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 253E1A55)

Partition: GPT.

==================== End of Addition.txt ============================


https://www.virustotal.com/fi/file/b5a3 ... 452529931/
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby humanerror » January 11th, 2016, 12:44 pm

Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Vesa (2016-01-11 18:12:27) Run:1
Running from C:\Users\Vesa\Desktop
Loaded Profiles: Vesa (Available Profiles: UpdatusUser & Vesa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Createbackup:
() C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [AceUpdater] => C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe [27000 2015-12-18] ()
FF Plugin HKU\S-1-5-21-3322993352-708763500-3136390609-1002: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Vesa\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-09-24] (Innovative Digital Technologies)
FF HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: Ace Stream Web Extension - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
CHR HomePage: Default -> hxxps://easywallet.org/w/U9S4G2iotEMLG4XQhAT6ny
CHR NewTab: Default -> "chrome-extension://nbfhhpdigbbhgijjhhnmionhamjpggio/newtab/newtab-hp.html"
CHR Extension: (My Weather) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfhhpdigbbhgijjhhnmionhamjpggio [2016-01-07]
CHR HKU\S-1-5-21-3322993352-708763500-3136390609-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Vesa\AppData\Local\Popcorn-Time
C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
C:\Users\Vesa\AppData\Roaming\.ACEStream
C:\Users\Vesa\Desktop\Ace Player.lnk
C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
C:\Users\Vesa\AppData\Roaming\ACEStream
2014-10-01 18:37 - 2015-12-18 16:07 - 00027000 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
FirewallRules: [TCP Query User{0CF960BA-14C1-450F-B5CC-33D6AB9F04EE}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{244CE049-C63E-41DB-8894-AADED711CCAA}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{287D243F-8D93-4FE3-BFCF-3C5422811390}] => (Block) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{A4E3FC11-10F4-4CE1-81C7-8BD50BF122E8}] => (Block) C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{927A9F3D-B1EB-42E1-B6CD-72164E823D22}C:\users\vesa\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vesa\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{C160BF1D-D105-44D5-AE45-E3E36A8F13CA}C:\users\vesa\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vesa\appdata\local\popcorn time\nw.exe
FirewallRules: [{BD49A0A1-B308-4E4A-BA57-EB10EB8111E2}] => (Block) C:\users\vesa\appdata\local\popcorn time\nw.exe
FirewallRules: [{68B6F90F-661B-4E26-9D97-E610CDC40A09}] => (Block) C:\users\vesa\appdata\local\popcorn time\nw.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Createbackup: => Error: No automatic fix found for this entry.
C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe => No running process found
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AceUpdater => value not found.
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.12 => key not found.
C:\Users\Vesa\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully
C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found.
FF Extension: Ace Stream Web Extension - C:\Users\Vesa\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18] => not found
Chrome HomePage => removed successfully
Chrome NewTab => removed successfully
C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfhhpdigbbhgijjhhnmionhamjpggio => moved successfully
"HKU\S-1-5-21-3322993352-708763500-3136390609-1002\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo" => key removed successfully
"C:\Users\Vesa\AppData\Local\Popcorn-Time" => not found.
"C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time" => not found.
"C:\Users\Vesa\AppData\Roaming\.ACEStream" => not found.
"C:\Users\Vesa\Desktop\Ace Player.lnk" => not found.
"C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\ace_update.exe" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_socket.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\select.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32api.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32file.pyd" => not found.
"C:\Users\Vesa\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0CF960BA-14C1-450F-B5CC-33D6AB9F04EE}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{244CE049-C63E-41DB-8894-AADED711CCAA}C:\users\vesa\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{287D243F-8D93-4FE3-BFCF-3C5422811390} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4E3FC11-10F4-4CE1-81C7-8BD50BF122E8} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{927A9F3D-B1EB-42E1-B6CD-72164E823D22}C:\users\vesa\appdata\local\popcorn time\nw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C160BF1D-D105-44D5-AE45-E3E36A8F13CA}C:\users\vesa\appdata\local\popcorn time\nw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD49A0A1-B308-4E4A-BA57-EB10EB8111E2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68B6F90F-661B-4E26-9D97-E610CDC40A09} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 2.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:12:57 ====
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby humanerror » January 11th, 2016, 12:44 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Vesa (administrator) on VESKUNKONE (11-01-2016 18:17:43)
Running from C:\Users\Vesa\Desktop
Loaded Profiles: Vesa (Available Profiles: UpdatusUser & Vesa)
Platform: Windows 10 Home Version 1511 (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Flux Software LLC) C:\Users\Vesa\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Vesa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
() C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_separation_1.00_windows_x86_64.exe
() C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
() C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
() C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\EasPoliciesBrokerHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-08-27] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9016128 2015-08-27] (Space Sciences Laboratory)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2015-12-23] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-08] (AVAST Software)
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [f.lux] => C:\Users\Vesa\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\...\Run: [Spotify Web Helper] => C:\Users\Vesa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-31] (Spotify Ltd)
HKU\S-1-5-21-3322993352-708763500-3136390609-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\boinc.scr [1156928 2015-08-27] (Space Sciences Laboratory)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{a5f37099-a8ef-4dc0-86b3-fafeed5c193d}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google-presentaatiot) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google-dokumentit) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google-haku) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google-taulukot) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Padlet Mini) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljbbiddpoeaknnjaminoceoojdbikp [2015-12-22]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Instagram for Chrome) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-01-02]
CHR Extension: (Gmail) - C:\Users\Vesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-01-09] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-12-23] (Freemake) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-14] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2016-01-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-08] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2016-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-08] (AVAST Software)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 18:17 - 2016-01-11 18:17 - 00000000 ___HD C:\OneDriveTemp
2016-01-11 18:12 - 2016-01-11 18:12 - 00010449 _____ C:\Users\Vesa\Desktop\Fixlog.txt
2016-01-10 19:45 - 2016-01-10 21:59 - 00000000 ____D C:\AdwCleaner
2016-01-10 19:45 - 2016-01-10 19:45 - 01749504 _____ C:\Users\Vesa\Desktop\adwcleaner_5.028.exe
2016-01-09 16:46 - 2016-01-09 16:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-VESKUNKONE-Windows-10-Home-(64-bit).dat
2016-01-09 16:46 - 2016-01-09 16:46 - 00000000 ____D C:\RegBackup
2016-01-09 16:45 - 2016-01-09 16:45 - 00016382 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-01-09 16:45 - 2016-01-09 16:45 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-01-09 16:45 - 2016-01-09 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-09 16:45 - 2016-01-09 16:45 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-01-09 16:44 - 2016-01-09 16:45 - 04777232 _____ (Tweaking.com) C:\Users\Vesa\Desktop\tweaking.com_registry_backup_setup.exe
2016-01-09 11:11 - 2016-01-09 11:12 - 00027198 _____ C:\Users\Vesa\Desktop\Addition.txt
2016-01-09 11:10 - 2016-01-11 18:18 - 00010872 _____ C:\Users\Vesa\Desktop\FRST.txt
2016-01-09 11:09 - 2016-01-11 18:17 - 00000000 ____D C:\FRST
2016-01-09 11:09 - 2016-01-09 11:09 - 02370560 _____ (Farbar) C:\Users\Vesa\Desktop\FRST64.exe
2016-01-09 11:07 - 2016-01-09 11:07 - 00003182 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1452330455
2016-01-09 11:07 - 2016-01-09 11:07 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2016-01-09 11:07 - 2016-01-09 11:07 - 00001969 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2016-01-09 11:07 - 2016-01-09 11:07 - 00001084 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-09 11:07 - 2016-01-09 11:07 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-09 11:06 - 2016-01-09 11:06 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2016-01-09 11:06 - 2016-01-09 11:06 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-01-09 11:06 - 2016-01-08 20:57 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-08 20:58 - 2016-01-09 11:06 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-08 20:58 - 2016-01-08 20:58 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-01-08 20:58 - 2016-01-08 20:58 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-01-08 20:58 - 2016-01-08 20:58 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\AVAST Software
2016-01-08 20:58 - 2016-01-08 20:57 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-01-08 20:58 - 2016-01-08 20:57 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-01-08 20:57 - 2016-01-08 20:57 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-08 20:56 - 2016-01-09 11:06 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-08 20:56 - 2016-01-09 11:06 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-08 20:56 - 2016-01-08 20:56 - 05066096 _____ (AVAST Software) C:\Users\Vesa\Desktop\avast_free_antivirus_setup_online.exe
2016-01-07 12:14 - 2016-01-07 12:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-01-06 11:56 - 2016-01-06 11:56 - 00134363 _____ C:\Users\Vesa\Desktop\Lasku.pdf
2016-01-06 10:54 - 2016-01-06 10:54 - 00014543 _____ C:\Users\Vesa\Desktop\Boarding pass for VANHAELEWYN - ANNABELLE - 64R2B6.pdf
2016-01-06 10:48 - 2016-01-06 10:48 - 00000000 ____D C:\ProgramData\Brother
2016-01-06 10:47 - 2016-01-06 10:47 - 00350916 _____ C:\Users\Vesa\Desktop\tickets.pdf
2016-01-04 19:51 - 2016-01-04 19:51 - 00058519 _____ C:\Users\Vesa\Desktop\Huopalahti.pdf
2016-01-04 19:50 - 2016-01-04 19:50 - 00059067 _____ C:\Users\Vesa\Desktop\Hki-Kr_ma-pe,0.pdf
2016-01-04 19:49 - 2016-01-04 19:49 - 00059308 _____ C:\Users\Vesa\Desktop\Hki-Hpl-Len_ma-pe.pdf
2015-12-31 08:33 - 2015-12-31 15:41 - 00000000 ____D C:\Users\Vesa\AppData\Local\Spotify
2015-12-31 08:33 - 2015-12-31 08:33 - 00001847 _____ C:\Users\Vesa\Desktop\Spotify.lnk
2015-12-31 08:33 - 2015-12-31 08:33 - 00001833 _____ C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-12-31 08:33 - 2015-12-31 08:33 - 00000000 ____D C:\Users\Vesa\AppData\Local\CEF
2015-12-31 08:32 - 2015-12-31 15:41 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Spotify
2015-12-31 08:32 - 2015-12-31 08:32 - 00234712 _____ (Spotify Ltd) C:\Users\Vesa\Desktop\SpotifySetup.exe
2015-12-26 16:28 - 2015-12-26 16:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-26 13:43 - 2015-12-26 13:47 - 00000000 ____D C:\Users\Vesa\Documents\Freemake
2015-12-26 13:43 - 2015-12-26 13:47 - 00000000 ____D C:\ProgramData\Freemake
2015-12-26 13:43 - 2015-12-26 13:43 - 00001395 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2015-12-26 13:43 - 2015-12-26 13:43 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-12-26 13:43 - 2015-12-26 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-12-26 13:42 - 2015-12-26 13:43 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-12-26 12:29 - 2015-12-26 12:57 - 01267984 _____ (Ellora Assets Corporation ) C:\Users\Vesa\Desktop\FreemakeAudioConverterSetup.exe
2015-12-25 12:20 - 2015-12-25 12:20 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Macromedia
2015-12-22 16:44 - 2015-12-22 16:44 - 00001062 _____ C:\Users\Vesa\Desktop\SopCast.lnk
2015-12-22 16:44 - 2015-12-22 16:44 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
2015-12-22 16:44 - 2015-12-22 16:44 - 00000000 ____D C:\Program Files (x86)\SopCast
2015-12-22 16:43 - 2015-12-22 16:43 - 00000000 ____D C:\Users\Vesa\Desktop\SopCast
2015-12-22 16:40 - 2015-12-22 16:40 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\MyHeritage
2015-12-22 16:40 - 2015-12-22 16:40 - 00000000 ____D C:\ProgramData\MyHeritage
2015-12-22 16:39 - 2015-12-22 16:39 - 00001196 _____ C:\Users\Vesa\Desktop\MyHeritage Family Tree Builder.lnk
2015-12-22 16:39 - 2015-12-22 16:39 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\The Complete Genealogy Reporter - FTB
2015-12-22 16:39 - 2015-12-22 16:39 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2015-12-22 16:39 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) C:\WINDOWS\SysWOW64\HexUniRTFBox.ocx
2015-12-22 16:39 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) C:\WINDOWS\SysWOW64\PDFDocScout.DLL
2015-12-22 16:39 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2015-12-22 16:39 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ijl15.dll
2015-12-22 16:39 - 2002-03-07 01:19 - 00454656 _____ () C:\WINDOWS\SysWOW64\PaintX.dll
2015-12-22 16:39 - 2000-05-22 17:58 - 00608448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2015-12-22 16:39 - 2000-03-14 00:00 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-12-22 16:39 - 1998-06-24 01:00 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmapi32.ocx
2015-12-22 16:38 - 2015-12-22 16:39 - 00000000 ____D C:\Program Files (x86)\MyHeritage
2015-12-22 16:12 - 2015-12-22 16:12 - 00001276 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2015-12-22 16:12 - 2015-12-22 16:12 - 00000000 ____D C:\Users\Vesa\AppData\Local\eLicenser
2015-12-22 16:11 - 2015-12-22 16:11 - 34908920 _____ (Steinberg Media Technologies GmbH) C:\Users\Vesa\Downloads\eLicenserControlSetup.exe
2015-12-22 16:11 - 2015-12-22 16:11 - 00000000 ____D C:\Program Files\eLicenser
2015-12-22 15:45 - 2015-12-09 05:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-22 15:43 - 2015-12-22 15:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-22 15:43 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-22 15:23 - 2015-12-22 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2015-12-22 15:23 - 2015-12-22 15:23 - 00000000 ____D C:\Program Files\BOINC
2015-12-22 15:22 - 2015-12-22 15:22 - 00001151 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-12-22 15:22 - 2015-12-22 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-12-22 15:22 - 2015-12-22 15:22 - 00000000 ____D C:\Program Files\Oracle
2015-12-22 15:22 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-12-22 15:22 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-12-22 15:17 - 2015-12-22 15:21 - 95731376 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Vesa\Downloads\boinc_7.6.9_windows_x86_64_vbox.exe
2015-12-22 15:02 - 2015-12-22 15:02 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\NVIDIA
2015-12-22 15:02 - 2015-12-22 15:02 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\BOINC
2015-12-22 15:01 - 2016-01-11 18:18 - 00000000 ____D C:\ProgramData\BOINC
2015-12-22 15:01 - 2015-12-22 15:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-22 15:00 - 2015-12-22 15:00 - 00001034 _____ C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2015-12-22 15:00 - 2015-12-22 15:00 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2015-12-22 15:00 - 2015-12-22 15:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-12-22 14:47 - 2015-12-22 15:00 - 92394400 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Vesa\Downloads\boinc_7.6.9_windows_intelx86_vbox.exe
2015-12-22 14:43 - 2015-12-22 14:46 - 136444607 _____ C:\Users\Vesa\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_fi.exe
2015-12-22 14:09 - 2015-12-22 14:09 - 00597304 _____ C:\Users\Vesa\Downloads\flux-setup.exe
2015-12-22 14:09 - 2015-12-22 14:09 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-12-22 14:09 - 2015-12-22 14:09 - 00000000 ____D C:\Users\Vesa\AppData\Local\FluxSoftware
2015-12-22 13:51 - 2016-01-11 18:16 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-22 13:51 - 2016-01-11 17:56 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-22 13:51 - 2015-12-22 13:51 - 00004084 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-22 13:51 - 2015-12-22 13:51 - 00003852 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-22 13:51 - 2015-12-22 13:51 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-22 13:51 - 2015-12-22 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-22 13:50 - 2015-12-22 14:28 - 00000000 ____D C:\Users\Vesa\AppData\Local\Google
2015-12-22 13:50 - 2015-12-22 13:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-22 13:50 - 2015-12-22 13:50 - 00927824 _____ (Google Inc.) C:\Users\Vesa\Downloads\ChromeSetup (1).exe
2015-12-22 13:45 - 2015-12-22 13:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-12-22 13:44 - 2015-12-22 13:49 - 00000000 ____D C:\Users\Vesa\AppData\Local\MicrosoftEdge
2015-12-22 13:41 - 2015-12-22 13:41 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 __HDC C:\ProgramData\{E6BD42D3-E8A6-4469-B72F-B5256066F41F}
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lexicon
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexicon
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\Program Files\Lexicon
2015-12-22 13:39 - 2015-12-22 13:39 - 00000000 ____D C:\Program Files (x86)\Lexicon
2015-12-22 13:34 - 2015-12-22 13:34 - 00000000 ____D C:\ProgramData\Steinberg
2015-12-22 13:33 - 2015-12-22 13:33 - 00002246 _____ C:\Users\Vesa\Desktop\Cubase LE 5.lnk
2015-12-22 13:33 - 2015-12-22 13:33 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Steinberg
2015-12-22 13:33 - 2015-12-22 13:33 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE 5
2015-12-22 13:33 - 2015-12-22 13:33 - 00000000 ____D C:\Program Files (x86)\Steinberg
2015-12-22 13:32 - 2015-12-22 13:32 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2015-12-22 13:32 - 2015-12-22 13:32 - 00000000 ____D C:\ProgramData\Syncrosoft
2015-12-22 13:27 - 2015-12-22 16:11 - 00000049 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2015-12-22 13:27 - 2015-12-22 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-12-22 13:27 - 2015-12-22 16:11 - 00000000 ____D C:\Program Files (x86)\eLicenser
2015-12-22 13:27 - 2015-12-22 13:32 - 00000000 ____D C:\ProgramData\eLicenser
2015-12-22 13:27 - 2015-12-22 13:27 - 00000000 ____D C:\Program Files (x86)\Syncrosoft
2015-12-22 13:27 - 2012-12-07 17:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll
2015-12-22 13:27 - 2012-12-07 17:48 - 01277952 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2015-12-22 13:27 - 2011-12-14 21:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2015-12-22 13:27 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2015-12-22 13:27 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\system32\SYNSOACC-Help.chm
2015-12-22 13:18 - 2015-12-22 13:18 - 00002386 _____ C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-22 13:18 - 2015-12-22 13:18 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-22 13:17 - 2015-12-22 13:17 - 00000000 ____D C:\Users\Vesa\AppData\Local\Comms
2015-12-22 13:17 - 2015-12-22 13:17 - 00000000 ____D C:\Users\Vesa\AppData\Local\ActiveSync
2015-12-22 13:16 - 2015-12-22 13:16 - 00000000 ____D C:\Users\Vesa\AppData\Local\Publishers
2015-12-22 13:15 - 2015-12-22 13:51 - 00000000 ____D C:\Users\Vesa\AppData\Local\Packages
2015-12-22 13:15 - 2015-12-22 13:15 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-22 13:15 - 2015-12-22 13:15 - 00000020 ___SH C:\Users\Vesa\ntuser.ini
2015-12-22 13:15 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa\AppData\Roaming\Adobe
2015-12-22 13:15 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa\AppData\Local\VirtualStore
2015-12-22 13:15 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa\AppData\Local\TileDataLayer
2015-12-22 13:10 - 2016-01-10 20:21 - 01383594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Verkkoympäristö
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Tulostinympäristö
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Omat tiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Mallit
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Käynnistä-valikko
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Documents\Omat videotiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Documents\Omat musiikkitiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\Documents\Omat kuvatiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\Documents\Omat videotiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\Documents\Omat musiikkitiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\Documents\Omat kuvatiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\Default User
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Users\All Users
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Työpöytä
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Tiedostot
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Mallit
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\ProgramData\Käynnistä-valikko
2015-12-22 13:10 - 2015-12-22 13:10 - 00000000 _SHDL C:\Program Files\Common Files\Järjestelmä
2015-12-22 13:07 - 2015-12-22 13:15 - 00000000 ____D C:\Users\Vesa
2015-12-22 13:07 - 2015-12-22 13:08 - 00000000 ____D C:\Users\UpdatusUser
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Verkkoympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Tulostinympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Omat tiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Mallit
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Käynnistä-valikko
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Documents\Omat videotiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Documents\Omat musiikkitiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\Documents\Omat kuvatiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Verkkoympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Tulostinympäristö
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Omat tiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Mallit
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Käynnistä-valikko
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Omat videotiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Omat musiikkitiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Omat kuvatiedostot
2015-12-22 13:07 - 2015-12-22 13:07 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\WINDOWS\system32\NV
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-22 13:00 - 2015-12-22 13:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-22 13:00 - 2015-07-13 19:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-22 13:00 - 2015-07-13 19:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-22 13:00 - 2015-07-13 19:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-22 13:00 - 2015-07-13 18:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-22 12:59 - 2015-12-22 13:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\ProgramData\USOShared
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\Program Files\VIA
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\Program Files\Intel
2015-12-22 12:59 - 2015-12-22 12:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-22 12:59 - 2015-10-14 12:20 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-22 12:59 - 2015-10-14 12:20 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-22 12:56 - 2015-10-30 09:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-22 12:54 - 2016-01-11 18:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-22 12:53 - 2015-12-22 16:25 - 00215232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-22 12:53 - 2015-12-22 12:53 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-22 12:51 - 2016-01-09 13:47 - 00000000 ____D C:\Windows.old
2015-12-22 12:51 - 2015-12-22 13:10 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-22 12:51 - 2015-12-22 12:51 - 00000000 ____D C:\WINDOWS\InfusedApps
2015-12-22 12:47 - 2015-12-22 12:47 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-22 12:46 - 2015-12-22 12:46 - 00000000 ____D C:\Program Files\Elantech
2015-12-22 12:45 - 2015-12-22 12:45 - 00000000 ____D C:\WINDOWS\Setup
2015-12-22 12:44 - 2016-01-10 20:21 - 00436440 _____ C:\WINDOWS\system32\perfh00B.dat
2015-12-22 12:44 - 2016-01-10 20:21 - 00081592 _____ C:\WINDOWS\system32\perfc00B.dat
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\OCR
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files\MSBuild
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-22 12:44 - 2015-12-22 12:44 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-22 12:44 - 2015-12-22 12:43 - 00287002 _____ C:\WINDOWS\system32\perfi00B.dat
2015-12-22 12:44 - 2015-12-22 12:43 - 00040770 _____ C:\WINDOWS\system32\perfd00B.dat
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\fi
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\fi
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\0409
2015-12-22 12:43 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-12-22 12:40 - 2016-01-03 03:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-22 12:40 - 2016-01-03 03:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-22 12:39 - 2016-01-10 10:18 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-22 12:39 - 2016-01-09 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 12:39 - 2015-12-27 11:19 - 00000000 ____D C:\WINDOWS\rescache
2015-12-22 12:39 - 2015-12-23 09:34 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-22 12:39 - 2015-12-22 16:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-22 12:39 - 2015-12-22 16:22 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-22 12:39 - 2015-12-22 14:46 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 12:39 - 2015-12-22 13:33 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-22 12:39 - 2015-12-22 13:15 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-22 12:39 - 2015-12-22 13:15 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-22 12:39 - 2015-12-22 13:10 - 00000000 ____D C:\Program Files\Windows NT
2015-12-22 12:39 - 2015-12-22 13:09 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-22 12:39 - 2015-12-22 13:08 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-22 12:39 - 2015-12-22 13:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-22 12:39 - 2015-12-22 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-22 12:39 - 2015-12-22 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-22 12:39 - 2015-12-22 13:00 - 00000000 ____D C:\WINDOWS\Help
2015-12-22 12:39 - 2015-12-22 12:59 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-22 12:39 - 2015-12-22 12:51 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-22 12:39 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-22 12:39 - 2015-12-22 12:44 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\setup
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\system32\Com
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\IME
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-22 12:39 - 2015-12-22 12:43 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 __RSD C:\WINDOWS\Media
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Vss
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Web
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\tracing
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\TAPI
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SystemResources
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SystemApps
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\ras
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\ias
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\System
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SKB
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\security
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\schemas
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\SchCache
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Resources
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Registration
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\PLA
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Performance
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\ModemLogs
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Globalization
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Cursors
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\Branding
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\addins
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\ProgramData\Comms
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Services
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-12-22 12:39 - 2015-12-22 12:39 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-12-22 12:39 - 2015-12-22 12:36 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-12-22 12:39 - 2015-12-22 12:36 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-12-22 12:39 - 2015-12-22 12:36 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-12-22 12:39 - 2015-12-22 12:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-12-22 12:39 - 2015-12-22 12:36 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-12-22 12:39 - 2015-12-22 12:36 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-12-22 12:39 - 2015-12-22 12:36 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-12-22 12:39 - 2015-12-22 12:36 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-12-22 12:39 - 2015-12-22 12:36 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-12-22 12:39 - 2015-12-22 12:36 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-12-22 12:39 - 2015-12-22 12:36 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-12-22 12:39 - 2015-12-22 12:36 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-12-22 12:39 - 2015-12-22 12:36 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-12-22 12:39 - 2015-12-22 12:36 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2015-12-22 12:39 - 2015-12-22 12:36 - 00000219 _____ C:\WINDOWS\system.ini
2015-12-22 12:39 - 2015-12-22 12:36 - 00000092 _____ C:\WINDOWS\win.ini
2015-12-22 12:37 - 2016-01-10 20:33 - 00000000 ____D C:\WINDOWS\INF
2015-12-22 12:31 - 2016-01-05 21:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-22 12:25 - 2015-10-30 08:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-12-22 12:24 - 2016-01-11 18:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-22 12:24 - 2015-12-22 12:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 12:24 - 2015-12-22 12:43 - 00000000 ____D C:\WINDOWS\servicing
2015-12-22 12:24 - 2015-12-22 12:39 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-12-21 17:35 - 2015-12-07 06:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-21 17:35 - 2015-12-07 05:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-21 17:35 - 2015-12-07 05:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-21 17:35 - 2015-11-24 09:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-21 17:35 - 2015-11-24 09:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-21 17:35 - 2015-11-24 09:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-21 17:35 - 2015-11-24 09:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-21 17:35 - 2015-11-22 11:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-21 17:34 - 2015-12-07 06:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-21 17:34 - 2015-12-07 06:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-21 17:34 - 2015-12-07 06:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-21 17:34 - 2015-12-07 06:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-21 17:34 - 2015-12-07 06:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-21 17:34 - 2015-12-07 06:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-21 17:34 - 2015-12-07 06:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-21 17:34 - 2015-12-07 06:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-21 17:34 - 2015-12-07 06:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-21 17:34 - 2015-12-07 06:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-21 17:34 - 2015-12-07 06:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-21 17:34 - 2015-12-07 06:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-21 17:34 - 2015-12-07 06:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-21 17:34 - 2015-12-07 06:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-21 17:34 - 2015-12-07 06:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-21 17:34 - 2015-12-07 06:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-21 17:34 - 2015-12-07 06:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-21 17:34 - 2015-12-07 06:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-21 17:34 - 2015-12-07 06:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-21 17:34 - 2015-12-07 06:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-21 17:34 - 2015-12-07 06:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-21 17:34 - 2015-12-07 06:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-21 17:34 - 2015-12-07 06:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-21 17:34 - 2015-12-07 06:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-21 17:34 - 2015-12-07 06:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-21 17:34 - 2015-12-07 06:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-21 17:34 - 2015-12-07 06:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-21 17:34 - 2015-12-07 06:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-21 17:34 - 2015-12-07 06:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-21 17:34 - 2015-12-07 06:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-21 17:34 - 2015-12-07 06:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-21 17:34 - 2015-12-07 05:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-21 17:34 - 2015-12-07 05:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-21 17:34 - 2015-12-07 05:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-21 17:34 - 2015-12-07 05:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-21 17:34 - 2015-12-07 05:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-21 17:34 - 2015-12-07 05:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-21 17:34 - 2015-12-07 05:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 05:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-21 17:34 - 2015-12-07 05:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-21 17:34 - 2015-12-07 05:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-21 17:34 - 2015-12-07 05:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-21 17:34 - 2015-12-07 05:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-21 17:34 - 2015-12-07 05:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-21 17:34 - 2015-12-07 05:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-21 17:34 - 2015-12-07 05:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-21 17:34 - 2015-12-07 05:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-21 17:34 - 2015-12-07 05:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-21 17:34 - 2015-12-07 05:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-21 17:34 - 2015-12-07 05:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-21 17:34 - 2015-12-07 05:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-21 17:34 - 2015-12-07 05:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-21 17:34 - 2015-12-07 05:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-21 17:34 - 2015-12-07 05:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-21 17:34 - 2015-12-07 05:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-21 17:34 - 2015-12-07 05:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-21 17:34 - 2015-12-07 05:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-21 17:34 - 2015-12-07 05:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-21 17:34 - 2015-12-07 05:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-21 17:34 - 2015-12-07 05:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-21 17:34 - 2015-12-07 05:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-21 17:34 - 2015-12-07 05:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-21 17:34 - 2015-12-07 05:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-21 17:34 - 2015-12-01 09:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-21 17:34 - 2015-11-24 14:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-21 17:34 - 2015-11-24 13:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-21 17:34 - 2015-11-24 12:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-21 17:34 - 2015-11-24 12:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-21 17:34 - 2015-11-24 11:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-21 17:34 - 2015-11-24 11:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-21 17:34 - 2015-11-24 11:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-21 17:34 - 2015-11-24 11:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-21 17:34 - 2015-11-24 11:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-21 17:34 - 2015-11-24 11:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-21 17:34 - 2015-11-24 11:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-21 17:34 - 2015-11-24 10:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-21 17:34 - 2015-11-24 10:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-21 17:34 - 2015-11-24 10:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-21 17:34 - 2015-11-24 10:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-21 17:34 - 2015-11-24 10:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-21 17:34 - 2015-11-24 10:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-21 17:34 - 2015-11-24 10:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-21 17:34 - 2015-11-24 09:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-21 17:34 - 2015-11-24 09:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-21 17:34 - 2015-11-24 09:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-21 17:34 - 2015-11-24 09:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-21 17:34 - 2015-11-22 12:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-21 17:34 - 2015-11-22 12:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-21 17:34 - 2015-11-22 12:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-21 17:34 - 2015-11-22 12:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-21 17:34 - 2015-11-22 12:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-21 17:34 - 2015-11-22 12:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-21 17:34 - 2015-11-22 12:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-21 17:34 - 2015-11-22 12:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-21 17:34 - 2015-11-22 12:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-21 17:34 - 2015-11-22 12:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-21 17:34 - 2015-11-22 12:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-21 17:34 - 2015-11-22 12:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-21 17:34 - 2015-11-22 12:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-21 17:34 - 2015-11-22 12:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-21 17:34 - 2015-11-22 12:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-21 17:34 - 2015-11-22 12:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-21 17:34 - 2015-11-22 12:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-21 17:34 - 2015-11-22 12:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-21 17:34 - 2015-11-22 12:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-21 17:34 - 2015-11-22 11:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-21 17:34 - 2015-11-22 11:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-21 17:34 - 2015-11-22 11:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-21 17:34 - 2015-11-22 11:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-21 17:34 - 2015-11-22 11:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-21 17:34 - 2015-11-22 11:54 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-21 17:34 - 2015-11-22 11:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-21 17:34 - 2015-11-22 11:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-21 17:34 - 2015-11-22 11:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-21 17:34 - 2015-11-22 11:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-21 17:34 - 2015-11-22 11:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-21 17:34 - 2015-11-22 11:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-21 17:34 - 2015-11-22 11:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-21 17:34 - 2015-11-22 11:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-21 17:34 - 2015-11-22 11:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-21 17:34 - 2015-11-22 11:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-21 17:34 - 2015-11-22 11:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-21 17:34 - 2015-11-22 11:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-21 17:34 - 2015-11-22 11:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-21 17:34 - 2015-11-22 11:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-21 17:34 - 2015-11-22 11:42 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-21 17:34 - 2015-11-22 11:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-21 17:34 - 2015-11-22 11:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-21 17:34 - 2015-11-22 11:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-21 17:34 - 2015-11-22 11:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-21 17:34 - 2015-11-22 11:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-21 17:34 - 2015-11-22 11:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-21 17:34 - 2015-11-22 11:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-21 17:34 - 2015-11-22 11:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-21 17:34 - 2015-11-22 11:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-21 17:34 - 2015-11-22 11:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-21 17:34 - 2015-11-22 11:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-21 17:34 - 2015-11-22 11:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-21 17:34 - 2015-11-22 11:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-21 17:34 - 2015-11-22 11:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-21 17:34 - 2015-11-22 11:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-21 17:34 - 2015-11-22 11:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-21 17:34 - 2015-11-22 11:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-21 17:34 - 2015-11-22 11:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-21 17:34 - 2015-11-22 11:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-21 17:34 - 2015-11-22 11:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-21 17:34 - 2015-11-22 11:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-21 17:34 - 2015-11-22 11:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-21 17:34 - 2015-11-22 11:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-21 17:34 - 2015-11-22 11:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-21 17:34 - 2015-11-22 11:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-21 17:34 - 2015-11-22 11:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-21 17:34 - 2015-11-22 11:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-21 17:34 - 2015-11-22 11:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-21 17:34 - 2015-11-22 11:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-21 17:34 - 2015-11-22 11:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-21 17:34 - 2015-11-22 11:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-21 17:34 - 2015-11-22 11:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-21 17:34 - 2015-11-22 11:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-21 17:34 - 2015-11-21 08:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-21 17:34 - 2015-11-21 08:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-21 17:34 - 2015-11-21 07:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-21 17:34 - 2015-11-21 07:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-21 17:34 - 2015-11-21 07:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-21 13:09 - 2015-12-21 13:09 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-21 13:09 - 2015-12-21 13:09 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-21 13:09 - 2015-12-21 13:09 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-21 13:09 - 2015-12-21 13:09 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-21 13:09 - 2015-12-21 13:09 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-21 13:09 - 2015-12-21 13:09 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-21 13:09 - 2015-12-21 13:09 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-21 13:04 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-21 13:04 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-21 13:04 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-21 13:04 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-21 13:04 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-21 13:04 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 18:17 - 2015-07-14 08:30 - 00000000 ___RD C:\Users\Vesa\OneDrive
2016-01-11 18:16 - 2015-10-14 12:18 - 00000000 __SHD C:\Users\Vesa\IntelGraphicsProfiles
2016-01-09 12:09 - 2015-11-28 15:55 - 00000000 ____D C:\Users\Vesa\Documents\MyHeritage
2015-12-22 16:28 - 2015-07-06 13:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-22 13:23 - 2015-08-02 23:44 - 00000000 ___HD C:\$SysReset
2015-12-22 12:17 - 2015-11-26 16:11 - 00000000 ____D C:\Users\Vesa\.VirtualBox

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-08 16:30

==================== End of FRST.txt ============================
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Malware after ending Avast license

Unread postby Firefly » January 12th, 2016, 11:45 am

Any further pop-ups when using Edge?
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Malware after ending Avast license

Unread postby humanerror » January 12th, 2016, 3:48 pm

No pop-ups there either.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware